Redirection between HTTP URL and HTTPS URL is not followed.
Symptoms
When running applet in browser using Sun JVM, if the applet
makes HTTP
requests to a server which redirects to a HTTPS URL, the
redirection
would fail. It fails also in the case of making HTTPS requested
to a
server which redirects to a HTTP URL.
The same applet runs properly in Microsoft VM.
Cause
The issue is caused by the HTTP/HTTPS redirection policy
implemented in
Sun JVM; because of serious security consequences, redirection
between
HTTP and HTTPS is not automatically followed.
HTTP/HTTPS redirection is followed in MSVM, given a security
warning
dialog prompts the users everytime before the redirection is
followed.
Resolution
To workaround the problem, it is the application responsibility
to check
the response code and recognize it as a redirect. The Location
header
field value can be checked for the redirect information, and
then the
application must decide whether or not to follow the redirect
using the
new protocol. For example,
public void makeConnection(URL url)
{
URLConnection conn = url.openConnection();
InputStream is = conn.getInputStream();
....
is.close();
}
The code should be changed to
private InputStream openConnectionCheckRedirects(URLConnection
c)
throws IOException
{
boolean redir;
int redirects = 0;
InputStream in = null;
do
{
if (c instanceof HttpURLConnection) {
((HttpURLConnection)
c).setInstanceFollowRedirects(false);
}
// We want to open the input stream before
// getting headers, because getHeaderField()
// et al swallow IOExceptions.
in = c.getInputStream();
redir = false;
if (c instanceof HttpURLConnection) {
HttpURLConnection http = (HttpURLConnection) c;
int stat = http.getResponseCode();
if (stat >= 300 && stat <= 307 && stat != 306 &&
stat != HttpURLConnection.HTTP_NOT_MODIFIED) {
URL base = http.getURL();
String loc = http.getHeaderField("Location");
URL target = null;
if (loc != null) {
target = new URL(base, loc);
}
http.disconnect();
// Redirection should be allowed only for HTTP
// and HTTPS, and should be limited to 5
// redirections at most.
//
if (target == null
|| !(target.getProtocol().equals("http")
||
target.getProtocol().equals("https"))
|| redirects >= 5)
{
{
throw new SecurityException("illegal URL
redirect");
}
redir = true;
c = target.openConnection();
redirects++;
}
}
} while (redir);
return in;
}
public void makeConnection(URL url)
{
URLConnection conn = url.openConnection();
InputStream is = openConnectionCheckRedirects(conn);
....
is.close();
}
Related Information
Java 7/J2SE 1.7 API 文档(英文版,CHM 格式)
4星 · 超过85%的资源 需积分: 50 18 浏览量
2011-11-15
12:13:28
上传
评论 3
收藏 43.04MB ZIP 举报 
j2se7.zip (99个子文件) 
j2se7.chm 41.19MB j2se7.ico 766B Web site.url 86B
applets technotes guides imf api-sample ActiveClient.class 4KB package-list 0B CompositeIterator.class 3KB LWTextComponent.java 14KB ActiveClient.java 15KB PeeredTextArea.class 935B stylesheet.css 1KB MouseFocusListener.class 475B AppletWindowListener.class 586B IMFDemo.class 4KB LWTextComponent.class 5KB PeeredTextArea.java 2KB IMFDemo.java 6KB 2d samples Blur.java 4KB images 
bld.jpg 13KB
boat.gif 61KB BufferedShapeMover.java 9KB BidiSample$1.class 468B Blur$1.class 369B Sharpen.java 4KB BufferedShapeMover.class 1KB Edge.java 4KB BSMCanvas.class 4KB Rescale.class 3KB Blur.class 3KB Rescale.java 4KB BidiSample.class 2KB Sharpen.class 3KB Edge$1.class 369B Sharpen$1.class 375B BufferedShapeMover$1.class 397B LookUp$1.class 373B Edge.class 3KB Rescale$1.class 375B
Imaging_Samples.zip 87KB BidiSample.java 4KB LookUp.java 4KB LookUp.class 3KB deployment deployment-guide images warning_expired_true.gif 9KB general-2.gif 12KB general-3.gif 44KB jnlp-java-runtime-settings.gif 6KB update-3.gif 58KB warning_askgrant_notinca_true_mozilla.gif 8KB warning_expired_false.gif 8KB applet.gif 113KB update.gif 9KB warning_notinca_warning_false.gif 7KB certificates-3.gif 9KB warning_notinca.gif 8KB applet.jpg 2.3MB update-2.gif 14KB console.gif 7KB java-runtime-settings-3.gif 13KB java-2.gif 10KB advanced-3.gif 12KB advanced-network-settings-2.gif 8KB javalogo52x88.gif 1KB warning_example_1.gif 15KB jnlp-runtime-settings-2.gif 9KB applet-runtime-settings.gif 4KB warning_askgrantdialog_false.gif 5KB security-3.gif 9KB warning_notinca_warning_true.gif 13KB advanced-2.gif 9KB security.gif 5KB general.gif 6KB jnlp-runtime-settings-3.gif 32KB advanced-network-settings.gif 5KB java-runtime-settings-2.gif 7KB certificates.gif 5KB advanced-network-settings-3.gif 25KB java.gif 6KB java-3.gif 11KB certificates-2.gif 9KB security-2.gif 9KB advanced.gif 9KB java-console-1.gif 12KB upgrade-guide 
article-17.txt 4KB images java-icon-graybox.gif 4KB browser-3.gif 13KB systray-2.gif 2KB javalogo52x88.gif 1KB java-console-2.gif 14KB java_logo.gif 3KB get_java_red_button.gif 3KB getjava_med.gif 5KB browser-2.gif 17KB javalogo75x127.gif 4KB java-icon-systray.gif 4KB java-console-1.4.2_01.gif 14KB javalogo65x110.gif 3KB styles style1.css 236B NervousText.class 4KB styles style1.css 30B mm_menu.js 30KB
- 1
- 2
- 3
- 4
前往页