At the top of jsp page , i added the following line
JSPHttpRedirect.redirectToHTTPS(request,response);
JSPHttpRedirect.java file contains
import org.apache.log4j.*;
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/** This object is used by JSP pages in order to redirect the user from
the
* https login screen to the url they requested. The only catch is that
the
* URL the user requested required http. Therefore this object will
* change the protocol of the URL back to http instead of https.
*
* @author psantos
*/
public class JSPHttpRedirect
{
public final static boolean DEBUG = false;
static Logger log = GetDataBaseConnection.log;
/** Creates a new instance of JSPHttpRedirect */
public JSPHttpRedirect()
{
}
/** This will redirect the user from the http login page to
* the https page they are supposed to go to. If the request url
* uses https then nothing is done.
* @param request The object that represents the client request.
* @param response The object that representes the client response.
*/
public static void redirectToHTTPS(HttpServletRequest request,
HttpServletResponse response)
{
System.out.println("issecure==>"+request.isSecure());
if(!request.isSecure())
{
String reqURL = request.getRequestURL().toString();
if(reqURL.startsWith("http"))
{
reqURL = reqURL.substring(4);
reqURL = "https"+reqURL;
reqURL = reqURL.replace("8080", "8443");
System.out.println("reqURL-===>"+reqURL);
boolean isMozillaBrowser =isMozillaBrowser(request);
if(isMozillaBrowser) // mozilla perform a redirect.
{
try
{
response.sendRedirect(response.encodeRedirectURL(reqURL));
}
catch(Exception e)
{
e.printStackTrace();
}
}
else // internet explorer set the location header field
{
reqURL = response.encodeURL(reqURL);
response.setHeader("Location",reqURL);
}
}
}
}
/** This will redirect the user from the https secured pages to
* the http page they are supposed to go to. If the request url
* uses https then nothing is done.
* @param request The object that represents the client request.
* @param response The object that representes the client response.
*/
public static void redirectToHTTP(HttpServletRequest request,
HttpServletResponse response)
{
log.info("issecurehttp==>"+request.isSecure());
// we came from a secure login but we intended to use http.
// therefore we need to convert the URL to use http protocol
String reqURL = request.getRequestURL().toString();
if(reqURL.startsWith("https"))
{
reqURL = reqURL.substring(5);
reqURL = "http"+reqURL;
reqURL = reqURL.replace("8443", "8080");
log.info("reqURLHttp-===>"+reqURL);
boolean isMozillaBrowser =isMozillaBrowser(request);
// depending on the browser do the appropriate thing to
// avoid a popup being shown to the user that they were
// redirected from an https to an http URL.
if(isMozillaBrowser) // mozilla perform a redirect.
{
try
{
response.sendRedirect(response.encodeRedirectURL(reqURL));
}
catch(Exception e)
{
e.printStackTrace();
}
}
else // internet explorer set the location header field
{
reqURL = response.encodeURL(reqURL);
response.setHeader("Location",reqURL);
try
{
response.sendRedirect(response.encodeRedirectURL(reqURL));
}
catch(Exception e)
{
e.printStackTrace();
}
}
// }
//}
}
}
/** This method determines the type of browser the request is from.
* If the browser is a netscape or mozilla browser return true.
* If it's internet explorer return false.
* @param request The object that represents the client request.
*/
public static boolean isMozillaBrowser(HttpServletRequest request)
{
// this snipet of code was found over the web on 11/09/2005
//
http://hotwired.lycos.com/
// webmonkey/01/22/index3a_page4.html?tw=programming
String agent = request.getHeader("USER-AGENT");
if (null != agent && -1 != agent.indexOf("MSIE"))
{
return false;
}
return true;
}
}