How can I know if the request to the servlet was executed using HTTP or HTTPS?

Question

I wrote a servlet in Java and I would like to know if the request to that servlet was executed using HTTP or HTTPS.

I thought I can use request.getProtocol()

Answer 1

HttpSerlvetRequest.isSecure() is the answer. The ServletContainer is responsible for returning true in the following cases:

• If the ServletContainer can itself accept requests on https.
• If there is a LoadBalancer in front of ServletContainer. And , the LoadBlancer has got the request on https and has dispatched the same to the ServletContainer on plain http. In this case, the LoadBalancer sends X-SSL-Secure : true header to the ServletContainer, which should be honored.

The Container should also make this request attributes available when the request is received on https:

• javax.servlet.http.sslsessionid
• javax.servlet.request.key_size
• javax.servlet.request.X509Certificate

Answer 2

https and http runs on different ports. So you can get the port from the request and know from which port the request came and so that you can know the protocol. int port=request.getServerPort();

Answer 3

You can't reliably depend on port numbers.
But you can depend on the scheme:

Use: request.getScheme() to see if it is https.

If it is then it is secure connection.

I believe this should work regardless of Tomcat version

Answer 4

isSecure. Be sure to check the inherited methods.