I wrote a servlet in Java and I would like to know if the request to that servlet was executed using HTTP or HTTPS.
I thought I can use request.getProtocol() but it returns HTTP/1.1 on both methods.
Any ideas?
HttpSerlvetRequest.isSecure() is the answer. The ServletContainer is responsible for returning true in the following cases:
- If the ServletContainer can itself accept requests on https.
- If there is a LoadBalancer in front of ServletContainer. And , the LoadBlancer has got the request on https and has dispatched the same to the ServletContainer on plain http. In this case, the LoadBalancer sends X-SSL-Secure : true header to the ServletContainer, which should be honored.
The Container should also make this request attributes available when the request is received on https:
- javax.servlet.http.sslsessionid
- javax.servlet.request.key_size
- javax.servlet.request.X509Certificate