Redirection between HTTP URL and HTTPS URL is not followed.
Symptoms
When running applet in browser using Sun JVM, if the applet
makes HTTP
requests to a server which redirects to a HTTPS URL, the
redirection
would fail. It fails also in the case of making HTTPS requested
to a
server which redirects to a HTTP URL.
The same applet runs properly in Microsoft VM.
Cause
The issue is caused by the HTTP/HTTPS redirection policy
implemented in
Sun JVM; because of serious security consequences, redirection
between
HTTP and HTTPS is not automatically followed.
HTTP/HTTPS redirection is followed in MSVM, given a security
warning
dialog prompts the users everytime before the redirection is
followed.
Resolution
To workaround the problem, it is the application responsibility
to check
the response code and recognize it as a redirect. The Location
header
field value can be checked for the redirect information, and
then the
application must decide whether or not to follow the redirect
using the
new protocol. For example,
public void makeConnection(URL url)
{
URLConnection conn = url.openConnection();
InputStream is = conn.getInputStream();
....
is.close();
}
The code should be changed to
private InputStream openConnectionCheckRedirects(URLConnection
c)
throws IOException
{
boolean redir;
int redirects = 0;
InputStream in = null;
do
{
if (c instanceof HttpURLConnection) {
((HttpURLConnection)
c).setInstanceFollowRedirects(false);
}
// We want to open the input stream before
// getting headers, because getHeaderField()
// et al swallow IOExceptions.
in = c.getInputStream();
redir = false;
if (c instanceof HttpURLConnection) {
HttpURLConnection http = (HttpURLConnection) c;
int stat = http.getResponseCode();
if (stat >= 300 && stat <= 307 && stat != 306 &&
stat != HttpURLConnection.HTTP_NOT_MODIFIED) {
URL base = http.getURL();
String loc = http.getHeaderField("Location");
URL target = null;
if (loc != null) {
target = new URL(base, loc);
}
http.disconnect();
// Redirection should be allowed only for HTTP
// and HTTPS, and should be limited to 5
// redirections at most.
//
if (target == null
|| !(target.getProtocol().equals("http")
||
target.getProtocol().equals("https"))
|| redirects >= 5)
{
{
throw new SecurityException("illegal URL
redirect");
}
redir = true;
c = target.openConnection();
redirects++;
}
}
} while (redir);
return in;
}
public void makeConnection(URL url)
{
URLConnection conn = url.openConnection();
InputStream is = openConnectionCheckRedirects(conn);
....
is.close();
}
Related Information
没有合适的资源?快使用搜索试试~ 我知道了~
Java 7/J2SE 1.7 API 文档(英文版,CHM 格式)
共99个文件
gif:53个
class:23个
java:11个
4星 · 超过85%的资源 需积分: 50 74 下载量 18 浏览量
2011-11-15
12:13:28
上传
评论 3
收藏 43.04MB ZIP 举报
温馨提示
这是由法国 Franck Allimant 编译生成的 CHM 格式的 Java 7 API 文档。 资源出处: http://www.allimant.org/javadoc/ 要下载该文档资源,必须同意 SUN 的许可协议,SUN 的许可协议副本参见: http://www.allimant.org/javadoc/sun_license.html CHM 格式的帮助文档比纯 HTML 格式的文档有许多优点: ·文档内容结构表 ·索引 ·全文搜索 ·书签(收藏) 使用 CHM 格式的帮助文档将大大节省查阅文档的时间。
资源推荐
资源详情
资源评论
收起资源包目录
j2se7.zip (99个子文件)
j2se7.chm 41.19MB
j2se7.ico 766B
Web site.url 86B
applets
technotes
guides
imf
api-sample
ActiveClient.class 4KB
package-list 0B
CompositeIterator.class 3KB
LWTextComponent.java 14KB
ActiveClient.java 15KB
PeeredTextArea.class 935B
stylesheet.css 1KB
MouseFocusListener.class 475B
AppletWindowListener.class 586B
IMFDemo.class 4KB
LWTextComponent.class 5KB
PeeredTextArea.java 2KB
IMFDemo.java 6KB
2d
samples
Blur.java 4KB
images
bld.jpg 13KB
boat.gif 61KB
BufferedShapeMover.java 9KB
BidiSample$1.class 468B
Blur$1.class 369B
Sharpen.java 4KB
BufferedShapeMover.class 1KB
Edge.java 4KB
BSMCanvas.class 4KB
Rescale.class 3KB
Blur.class 3KB
Rescale.java 4KB
BidiSample.class 2KB
Sharpen.class 3KB
Edge$1.class 369B
Sharpen$1.class 375B
BufferedShapeMover$1.class 397B
LookUp$1.class 373B
Edge.class 3KB
Rescale$1.class 375B
Imaging_Samples.zip 87KB
BidiSample.java 4KB
LookUp.java 4KB
LookUp.class 3KB
deployment
deployment-guide
images
warning_expired_true.gif 9KB
general-2.gif 12KB
general-3.gif 44KB
jnlp-java-runtime-settings.gif 6KB
update-3.gif 58KB
warning_askgrant_notinca_true_mozilla.gif 8KB
warning_expired_false.gif 8KB
applet.gif 113KB
update.gif 9KB
warning_notinca_warning_false.gif 7KB
certificates-3.gif 9KB
warning_notinca.gif 8KB
applet.jpg 2.3MB
update-2.gif 14KB
console.gif 7KB
java-runtime-settings-3.gif 13KB
java-2.gif 10KB
advanced-3.gif 12KB
advanced-network-settings-2.gif 8KB
javalogo52x88.gif 1KB
warning_example_1.gif 15KB
jnlp-runtime-settings-2.gif 9KB
applet-runtime-settings.gif 4KB
warning_askgrantdialog_false.gif 5KB
security-3.gif 9KB
warning_notinca_warning_true.gif 13KB
advanced-2.gif 9KB
security.gif 5KB
general.gif 6KB
jnlp-runtime-settings-3.gif 32KB
advanced-network-settings.gif 5KB
java-runtime-settings-2.gif 7KB
certificates.gif 5KB
advanced-network-settings-3.gif 25KB
java.gif 6KB
java-3.gif 11KB
certificates-2.gif 9KB
security-2.gif 9KB
advanced.gif 9KB
java-console-1.gif 12KB
upgrade-guide
article-17.txt 4KB
images
java-icon-graybox.gif 4KB
browser-3.gif 13KB
systray-2.gif 2KB
javalogo52x88.gif 1KB
java-console-2.gif 14KB
java_logo.gif 3KB
get_java_red_button.gif 3KB
getjava_med.gif 5KB
browser-2.gif 17KB
javalogo75x127.gif 4KB
java-icon-systray.gif 4KB
java-console-1.4.2_01.gif 14KB
javalogo65x110.gif 3KB
styles
style1.css 236B
NervousText.class 4KB
styles
style1.css 30B
mm_menu.js 30KB
共 99 条
- 1
LoveTide
- 粉丝: 16
- 资源: 31
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
- 1
- 2
- 3
- 4
前往页