• Post Reply Bookmark Topic Watch Topic
  • New Topic

exclude url-pattern in filter-mapping

 
Swapan Mazumdar
Ranch Hand
Posts: 83
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

How can I specify a filter to work on all URI excluding one URI.
Does <filter-mapping> allow to exclude <url-pattern>?
Let me explain my requirements. When the host scheme changes to https let say like https://xyz.com/default1.jsp, the next URI request should be served on http host scheme.
I would like to provide access to www.xyz.com/default1.jsp only on https host scheme.

Has anybody had similar requirements?

regards,
Swapan
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You could create a filter that checks the isSecure() property of HttpServletRequest and redirects to https:.... and map it to that one page.

Note: Jumping back and forth from secure to non-secure can often wreck havoc with your sessions. I know that Tomcat (not sure about all other servers) will start a new and separate session when you move from non-secure to secure.

Browsers will also fire off popup warnings when a user moves from a secure to a non-secure site or if a link to resource on a secure page (such as an image) has a fully qualified, non-secure url.
 
Swapan Mazumdar
Ranch Hand
Posts: 83
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Ben Souther:
...Note: Jumping back and forth from secure to non-secure can often wreck havoc with your sessions. I know that Tomcat (not sure about all other servers) will start a new and separate session when you move from non-secure to secure....

Ben,

You scared me more than I could say .
Do you think that all session related data will be lost when the host scheme is changed from non-secure to secure. Or you gust meant that new session id will be created.
My requirement is analogous to the normal shopping cart. Adding items in non-secure scheme and switch to secure for the payment details. It is just that additionally I want to switch it back to non-secure when payment is confirmed.

Please comment.

thanks,
Swapan
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It wouldn't be hard to check.
Just write some println statements that log the session ID.

What conatiner are you using?
Is your shopping cart only going to exist in memory (session) or are you also storing the data in your database?
Most major online vendors allow you to add to your cart and come back days or weeks later to resume where you left off. If your cart only exists in session, users won't be able to do that.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!