I have a web app with a web-based configuration UI. If the user accesses via HTTP, I want to alert the user that they should really use HTTPS and give them a link to click on to get to the HTTPS-prefixed URL.

Now, this is pretty straightforward if we're on the default ports, but often, we're not - for example, HTTP might be on 8080, with HTTPS on 8181. I can have some heuristics for figuring out which port to use, e.g. 80->443, 8080->8181, but is there any way to get a list of ports and protocols back from the web container? Ideally Java EE standard, but even container-specific would be a start...

EDIT - one clarification - this is for an 'off-the-shelf' application (OpenSSO), so I'd really like to be able to (a) give the user the choice to go ahead and use an insecure port if they really want to (e.g. they're deploying on their laptop on some container without a secure port) and (b) not make the user edit server.xml.

+1  A: 

You could transfer them automatically to https by using configuration only.

In your web.xml:

<user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

And in your server.xml in the HTTPConnector:

redirectPort="YOUR_SSL_PORT"

Loki
A: 

In case you have a load balancer, usually it can be configured to perform that kind of redirect automatically.

Gennady Shumakher
A: 

If I read your question correctly, you can query the ServletRequest getProtocol to see if the connection is coming in as HTTP or HTTPS and what version. As a bonus you can get which port.

Make the decision and redirect (or forward) to the app specified port.

For further clarification of the answer: Enabling HTTPS communication support

jim
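
One way to implement the check-and-link approach from the last answer, as an added example that is not part of any answer on this page. It uses the standard Servlet API and the question's own port heuristic (80->443, 8080->8181); the class name `HttpsHintFilter`, the `httpsAlternative` attribute and the host allow-list are hypothetical. It offers a link rather than redirecting, so an HTTP-only deployment keeps working.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;

/** Added example: offers (does not force) an HTTPS link for plain-HTTP requests. */
public class HttpsHintFilter implements Filter {
    // Assumption: the question's heuristic pairs; a deployer-supplied value should override them.
    private static final Map<Integer, Integer> HTTP_TO_HTTPS = Map.of(80, 443, 8080, 8181);
    // Assumption: constructed host names; list the names this deployment really serves.
    private static final Set<String> ALLOWED_HOSTS = Set.of("localhost", "sso.example.com");

    /** Returns the HTTPS equivalent of the request URL, or null if none can be offered safely. */
    static String httpsUrlFor(HttpServletRequest req) {
        if (req.isSecure()) return null;                  // already on a secure connector
        // Server name and port come from the client-sent Host header, so
        // never echo an unrecognised host into a link shown to the user.
        String host = req.getServerName().toLowerCase(Locale.ROOT);
        if (!ALLOWED_HOSTS.contains(host)) return null;
        Integer httpsPort = HTTP_TO_HTTPS.get(req.getServerPort());
        if (httpsPort == null) return null;               // unknown port: show no link rather than guess
        StringBuilder url = new StringBuilder("https://").append(host);
        if (httpsPort != 443) url.append(':').append(httpsPort);
        url.append(req.getRequestURI());                  // raw, still percent-encoded path
        if (req.getQueryString() != null) url.append('?').append(req.getQueryString());
        return url.toString();
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        String link = httpsUrlFor((HttpServletRequest) rq);
        // The page template reads this attribute and renders the warning and link.
        // The path and query are user-controlled: HTML-escape the value on output.
        if (link != null) rq.setAttribute("httpsAlternative", link);
        chain.doFilter(rq, rs);                           // the request continues either way
    }
}
```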