Redirection between HTTP URL and HTTPS URL is not followed.
Symptoms
When running applet in browser using Sun JVM, if the applet
makes HTTP
requests to a server which redirects to a HTTPS URL, the
redirection
would fail. It fails also in the case of making HTTPS requested
to a
server which redirects to a HTTP URL.
The same applet runs properly in Microsoft VM.
Cause
The issue is caused by the HTTP/HTTPS redirection policy
implemented in
Sun JVM; because of serious security consequences, redirection
between
HTTP and HTTPS is not automatically followed.
HTTP/HTTPS redirection is followed in MSVM, given a security
warning
dialog prompts the users everytime before the redirection is
followed.
Resolution
To workaround the problem, it is the application responsibility
to check
the response code and recognize it as a redirect. The Location
header
field value can be checked for the redirect information, and
then the
application must decide whether or not to follow the redirect
using the
new protocol. For example,
public void makeConnection(URL url)
{
URLConnection conn = url.openConnection();
InputStream is = conn.getInputStream();
....
is.close();
}
The code should be changed to
private InputStream openConnectionCheckRedirects(URLConnection
c)
throws IOException
{
boolean redir;
int redirects = 0;
InputStream in = null;
do
{
if (c instanceof HttpURLConnection) {
((HttpURLConnection)
c).setInstanceFollowRedirects(false);
}
// We want to open the input stream before
// getting headers, because getHeaderField()
// et al swallow IOExceptions.
in = c.getInputStream();
redir = false;
if (c instanceof HttpURLConnection) {
HttpURLConnection http = (HttpURLConnection) c;
int stat = http.getResponseCode();
if (stat >= 300 && stat <= 307 && stat != 306 &&
stat != HttpURLConnection.HTTP_NOT_MODIFIED) {
URL base = http.getURL();
String loc = http.getHeaderField("Location");
URL target = null;
if (loc != null) {
target = new URL(base, loc);
}
http.disconnect();
// Redirection should be allowed only for HTTP
// and HTTPS, and should be limited to 5
// redirections at most.
//
if (target == null
|| !(target.getProtocol().equals("http")
||
target.getProtocol().equals("https"))
|| redirects >= 5)
{
{
throw new SecurityException("illegal URL
redirect");
}
redir = true;
c = target.openConnection();
redirects++;
}
}
} while (redir);
return in;
}
public void makeConnection(URL url)
{
URLConnection conn = url.openConnection();
InputStream is = openConnectionCheckRedirects(conn);
....
is.close();
}
Related Information
没有合适的资源?快使用搜索试试~ 我知道了~
JDK1.7的API帮助文档
共99个文件
gif:53个
class:23个
java:11个
5星 · 超过95%的资源 需积分: 50 123 下载量 167 浏览量
2011-11-05
23:00:02
上传
评论 4
收藏 43.04MB ZIP 举报
温馨提示
JDK的API的帮助文档,是1.7目前最新版本,从事java开发的朋友可以看一下,谢谢!
资源推荐
资源详情
资源评论
收起资源包目录
j2se7.zip (99个子文件)
j2se7.chm 41.19MB
applets
technotes
guides
2d
samples
BidiSample.class 2KB
LookUp.java 4KB
Blur$1.class 369B
images
boat.gif 61KB
bld.jpg 13KB
Blur.class 3KB
BufferedShapeMover.class 1KB
BufferedShapeMover.java 9KB
LookUp.class 3KB
Rescale.class 3KB
Imaging_Samples.zip 87KB
Rescale$1.class 375B
BufferedShapeMover$1.class 397B
Edge.class 3KB
Blur.java 4KB
BSMCanvas.class 4KB
Sharpen.java 4KB
LookUp$1.class 373B
BidiSample$1.class 468B
Sharpen$1.class 375B
Sharpen.class 3KB
Edge.java 4KB
Edge$1.class 369B
Rescale.java 4KB
BidiSample.java 4KB
deployment
deployment-guide
upgrade-guide
images
javalogo52x88.gif 1KB
browser-2.gif 17KB
java-console-2.gif 14KB
java-icon-systray.gif 4KB
java-console-1.4.2_01.gif 14KB
browser-3.gif 13KB
get_java_red_button.gif 3KB
javalogo65x110.gif 3KB
getjava_med.gif 5KB
systray-2.gif 2KB
javalogo75x127.gif 4KB
java-icon-graybox.gif 4KB
java_logo.gif 3KB
styles
style1.css 236B
article-17.txt 4KB
images
javalogo52x88.gif 1KB
advanced-2.gif 9KB
warning_notinca_warning_true.gif 13KB
advanced-network-settings-2.gif 8KB
java-2.gif 10KB
console.gif 7KB
jnlp-java-runtime-settings.gif 6KB
update-3.gif 58KB
security-2.gif 9KB
advanced-network-settings-3.gif 25KB
jnlp-runtime-settings-3.gif 32KB
warning_expired_true.gif 9KB
advanced-network-settings.gif 5KB
security-3.gif 9KB
warning_askgrant_notinca_true_mozilla.gif 8KB
applet.jpg 2.3MB
warning_expired_false.gif 8KB
java.gif 6KB
applet.gif 113KB
warning_example_1.gif 15KB
certificates-2.gif 9KB
warning_notinca_warning_false.gif 7KB
general-3.gif 44KB
java-runtime-settings-2.gif 7KB
general.gif 6KB
advanced-3.gif 12KB
update-2.gif 14KB
java-3.gif 11KB
java-runtime-settings-3.gif 13KB
certificates.gif 5KB
warning_askgrantdialog_false.gif 5KB
warning_notinca.gif 8KB
java-console-1.gif 12KB
general-2.gif 12KB
update.gif 9KB
certificates-3.gif 9KB
advanced.gif 9KB
applet-runtime-settings.gif 4KB
security.gif 5KB
jnlp-runtime-settings-2.gif 9KB
NervousText.class 4KB
mm_menu.js 30KB
styles
style1.css 30B
imf
api-sample
IMFDemo.class 4KB
package-list 0B
IMFDemo.java 6KB
CompositeIterator.class 3KB
LWTextComponent.class 5KB
MouseFocusListener.class 475B
ActiveClient.java 15KB
AppletWindowListener.class 586B
PeeredTextArea.java 2KB
ActiveClient.class 4KB
LWTextComponent.java 14KB
PeeredTextArea.class 935B
stylesheet.css 1KB
Web site.url 86B
j2se7.ico 766B
共 99 条
- 1
xiaoyaomingyue
- 粉丝: 0
- 资源: 1
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
- 1
- 2
- 3
- 4
前往页