我发现很多关于在heroku下强制执行HTTPS的问题,但没有关于java的回复.
这是我找到的链接:
Scala:http://www.andersen-gott.com/2012/03/using-unfiltered-and-https-on-heroku.html
Rails:Rails - 如何从http://example.com重定向到https://www.example.com
请注意我使用Spring MVC 3.1所以我更喜欢基于WebMvcConfigurerAdapter.addInterceptors(InterceptorRegistry注册表)的解决方案
这是一个Servlet过滤器,它将所有非https请求重定向到https:
package com.jamesward;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class HttpsEnforcer implements Filter {
private FilterConfig filterConfig;
public static final String X_FORWARDED_PROTO = "x-forwarded-proto";
@Override
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
if (request.getHeader(X_FORWARDED_PROTO) != null) {
if (request.getHeader(X_FORWARDED_PROTO).indexOf("https") != 0) {
response.sendRedirect("https://" + request.getServerName() + (request.getPathInfo() == null ? "" : request.getPathInfo()));
return;
}
}
filterChain.doFilter(request, response);
}
@Override
public void destroy() {
// nothing
}
}
我这样做是作为Servlet过滤器,因为我无法获得Spring拦截器来拦截静态资产(资源)请求.
完整来源:https://github.com/jamesward/springmvc-https-enforcer