Redirection between HTTP URL and HTTPS URL is not followed.
Symptoms
When running applet in browser using Sun JVM, if the applet
makes HTTP
requests to a server which redirects to a HTTPS URL, the
redirection
would fail. It fails also in the case of making HTTPS requested
to a
server which redirects to a HTTP URL.
The same applet runs properly in Microsoft VM.
Cause
The issue is caused by the HTTP/HTTPS redirection policy
implemented in
Sun JVM; because of serious security consequences, redirection
between
HTTP and HTTPS is not automatically followed.
HTTP/HTTPS redirection is followed in MSVM, given a security
warning
dialog prompts the users everytime before the redirection is
followed.
Resolution
To workaround the problem, it is the application responsibility
to check
the response code and recognize it as a redirect. The Location
header
field value can be checked for the redirect information, and
then the
application must decide whether or not to follow the redirect
using the
new protocol. For example,
public void makeConnection(URL url)
{
URLConnection conn = url.openConnection();
InputStream is = conn.getInputStream();
....
is.close();
}
The code should be changed to
private InputStream openConnectionCheckRedirects(URLConnection
c)
throws IOException
{
boolean redir;
int redirects = 0;
InputStream in = null;
do
{
if (c instanceof HttpURLConnection) {
((HttpURLConnection)
c).setInstanceFollowRedirects(false);
}
// We want to open the input stream before
// getting headers, because getHeaderField()
// et al swallow IOExceptions.
in = c.getInputStream();
redir = false;
if (c instanceof HttpURLConnection) {
HttpURLConnection http = (HttpURLConnection) c;
int stat = http.getResponseCode();
if (stat >= 300 && stat <= 307 && stat != 306 &&
stat != HttpURLConnection.HTTP_NOT_MODIFIED) {
URL base = http.getURL();
String loc = http.getHeaderField("Location");
URL target = null;
if (loc != null) {
target = new URL(base, loc);
}
http.disconnect();
// Redirection should be allowed only for HTTP
// and HTTPS, and should be limited to 5
// redirections at most.
//
if (target == null
|| !(target.getProtocol().equals("http")
||
target.getProtocol().equals("https"))
|| redirects >= 5)
{
{
throw new SecurityException("illegal URL
redirect");
}
redir = true;
c = target.openConnection();
redirects++;
}
}
} while (redir);
return in;
}
public void makeConnection(URL url)
{
URLConnection conn = url.openConnection();
InputStream is = openConnectionCheckRedirects(conn);
....
is.close();
}
Related Information
JDK1.7的API帮助文档
5星 · 超过95%的资源 需积分: 50 167 浏览量
2011-11-05
23:00:02
上传
评论 4
收藏 43.04MB ZIP 举报 
j2se7.zip (99个子文件) 
j2se7.chm 41.19MB
applets technotes guides 2d samples BidiSample.class 2KB LookUp.java 4KB Blur$1.class 369B images 
boat.gif 61KB
bld.jpg 13KB Blur.class 3KB BufferedShapeMover.class 1KB BufferedShapeMover.java 9KB LookUp.class 3KB Rescale.class 3KB
Imaging_Samples.zip 87KB Rescale$1.class 375B BufferedShapeMover$1.class 397B Edge.class 3KB Blur.java 4KB BSMCanvas.class 4KB Sharpen.java 4KB LookUp$1.class 373B BidiSample$1.class 468B Sharpen$1.class 375B Sharpen.class 3KB Edge.java 4KB Edge$1.class 369B Rescale.java 4KB BidiSample.java 4KB deployment deployment-guide upgrade-guide images javalogo52x88.gif 1KB browser-2.gif 17KB java-console-2.gif 14KB java-icon-systray.gif 4KB java-console-1.4.2_01.gif 14KB browser-3.gif 13KB get_java_red_button.gif 3KB javalogo65x110.gif 3KB getjava_med.gif 5KB systray-2.gif 2KB javalogo75x127.gif 4KB java-icon-graybox.gif 4KB java_logo.gif 3KB styles style1.css 236B
article-17.txt 4KB images javalogo52x88.gif 1KB advanced-2.gif 9KB warning_notinca_warning_true.gif 13KB advanced-network-settings-2.gif 8KB java-2.gif 10KB console.gif 7KB jnlp-java-runtime-settings.gif 6KB update-3.gif 58KB security-2.gif 9KB advanced-network-settings-3.gif 25KB jnlp-runtime-settings-3.gif 32KB warning_expired_true.gif 9KB advanced-network-settings.gif 5KB security-3.gif 9KB warning_askgrant_notinca_true_mozilla.gif 8KB applet.jpg 2.3MB warning_expired_false.gif 8KB java.gif 6KB applet.gif 113KB warning_example_1.gif 15KB certificates-2.gif 9KB warning_notinca_warning_false.gif 7KB general-3.gif 44KB java-runtime-settings-2.gif 7KB general.gif 6KB advanced-3.gif 12KB update-2.gif 14KB java-3.gif 11KB java-runtime-settings-3.gif 13KB certificates.gif 5KB warning_askgrantdialog_false.gif 5KB warning_notinca.gif 8KB java-console-1.gif 12KB general-2.gif 12KB update.gif 9KB certificates-3.gif 9KB advanced.gif 9KB applet-runtime-settings.gif 4KB security.gif 5KB jnlp-runtime-settings-2.gif 9KB NervousText.class 4KB mm_menu.js 30KB styles style1.css 30B imf api-sample IMFDemo.class 4KB package-list 0B IMFDemo.java 6KB CompositeIterator.class 3KB LWTextComponent.class 5KB MouseFocusListener.class 475B ActiveClient.java 15KB AppletWindowListener.class 586B PeeredTextArea.java 2KB ActiveClient.class 4KB LWTextComponent.java 14KB PeeredTextArea.class 935B stylesheet.css 1KB Web site.url 86B j2se7.ico 766B
- 1
- 2
- 3
- 4
前往页