Get full URL and query string in Servlet for both HTTP and HTTPS requests

Question

I am writing a code which task is to retrieve a requested URL or full path. I've written this code:

HttpServletRequest request;//obtained from other functions
String uri = request.getRequestURI();
if (request.getQueryString() != null)
    uri += "?" + request.getQueryString();

So, when I browse http://google.com?q=abc it is OK (correct). But there is problem when I browse https://google.com. The value of uri is http://google.com:443google.com:443, So the program doesn't only when HTTPS is used.

And the output is same for request.getRequestURL().toString().

What is the solution?

I think it's most likely that whatever "other functions" that you call to construct the `HttpServletRequest` are constructing it incorrectly. Perhaps you can create a [SSCCE](http://sscce.org/) that demonstrates the exact problem? — parsifal, May 21 '13 at 16:48

score 182 · Accepted Answer · edited Jun 20 '20 at 09:12

182

By design, getRequestURL() gives you the full URL, missing only the query string.

In HttpServletRequest, you can get individual parts of the URI using the methods below:

// Example: http://myhost:8080/people?lastname=Fox&age=30

String uri = request.getScheme() + "://" +   // "http" + "://
             request.getServerName() +       // "myhost"
             ":" +                           // ":"
             request.getServerPort() +       // "8080"
             request.getRequestURI() +       // "/people"
             "?" +                           // "?"
             request.getQueryString();       // "lastname=Fox&age=30"

.getScheme() will give you "https" if it was a https://domain request.
.getServerName() gives domain on http(s)://domain.
.getServerPort() will give you the port.

Use the snippet below:

String uri = request.getScheme() + "://" +
             request.getServerName() + 
             ("http".equals(request.getScheme()) && request.getServerPort() == 80 || "https".equals(request.getScheme()) && request.getServerPort() == 443 ? "" : ":" + request.getServerPort() ) +
             request.getRequestURI() +
            (request.getQueryString() != null ? "?" + request.getQueryString() : "");

This snippet above will get the full URI, hiding the port if the default one was used, and not adding the "?" and the query string if the latter was not provided.

Proxied requests

Note, that if your request passes through a proxy, you need to look at the X-Forwarded-Proto header since the scheme might be altered:

request.getHeader("X-Forwarded-Proto")

Also, a common header is X-Forwarded-For, which show the original request IP instead of the proxys IP.

request.getHeader("X-Forwarded-For")

If you are responsible for the configuration of the proxy/load balancer yourself, you need to ensure that these headers are set upon forwarding.

edited Jun 20 '20 at 09:12

Community

1
1

answered May 21 '13 at 16:52

acdcjunior

132,397
37
331
304

Your first code helped with repetition in `https` but with error. There is no query string in `https` – progrrammer May 21 '13 at 17:02
already corrected and same error. and yes i've tried getRequestURL() – progrrammer May 21 '13 at 17:09
@ErBnAcharya `getRequestURL()` **must work**. Seems like you're doing something wrong... – informatik01 May 21 '13 at 17:13
Using the expression in the answer, what's the value of `uri`? – acdcjunior May 21 '13 at 17:17
@acdcjunior As an additional variant: you can use [`getHeader("Host")`](http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getHeader(java.lang.String)) to get **both** the host and the port. – informatik01 May 21 '13 at 17:17
1

@ErBnAcharya It's very strange that you get `google.com:443` **twice**. Plus I see there *http* instead of **https**... – informatik01 May 21 '13 at 17:23
1

I second @informatik01 on the strangeness of this. Here's something you can do: print piece by piece, each on a separate line (`getScheme()` in one `getServerName()` in other), what's the result? This will give you a hint about what's the problematic part. – acdcjunior May 21 '13 at 17:26
I think error is on `request.getQueryString()` which is returning `null` for `https://google.com?q=a` – progrrammer May 21 '13 at 17:40
Everyone else is bringing the expected result? Who's building that `HttpServletRequest` you're getting as parameter? Whoever does that, is doing it wrong. – acdcjunior May 21 '13 at 17:56
I am invoking my class as jetty handle. So object is obtained using jetty. – progrrammer May 21 '13 at 18:10
Hi! I know its been a long time, but have you managed to get this working? – acdcjunior Mar 07 '14 at 15:00
Does is exist a way to get URI fragment also? – agad Sep 18 '14 at 06:44
@agad Unfortunately, no. As `request` is a server-side object, it cannot get URI fragments as those are never sent to the server by the browsers. – acdcjunior Sep 18 '14 at 17:15
I think the example is missing context path – mvmn Sep 04 '16 at 16:41
Ain't `/people` the context path? – acdcjunior Sep 04 '16 at 16:45

score 10 · Answer 2 · edited Jun 20 '20 at 09:12

10

Simply Use:

String Uri = request.getRequestURL()+"?"+request.getQueryString();

edited Jun 20 '20 at 09:12

Community

1
1

answered Dec 19 '15 at 11:35

sumitkanoje

1,217
14
22

Note that `getRequestURL` will not work on an error page. So if you have a `404.jsp` and e.g. need to do a redirect you will need add import: `<%@ page import="org.apache.catalina.util.RequestUtil" %>` and use `String requestedLocation = RequestUtil.filter((String) request.getAttribute("javax.servlet.error.request_uri"));` – Nux Feb 23 '18 at 13:31

score 4 · Answer 3 · answered Oct 05 '17 at 23:39

The fact that a HTTPS request becomes HTTP when you tried to construct the URL on server side indicates that you might have a proxy/load balancer (nginx, pound, etc.) offloading SSL encryption in front and forward to your back end service in plain HTTP.

If that's case, check,

whether your proxy has been set up to forward headers correctly (Host, X-forwarded-proto, X-forwarded-for, etc).
whether your service container (E.g. Tomcat) is set up to recognize the proxy in front. For example, Tomcat requires adding secure="true" scheme="https" proxyPort="443" attributes to its Connector
whether your code, or service container is processing the headers correctly. For example, Tomcat automatically replaces scheme, remoteAddr, etc. values when you add RemoteIpValve to its Engine. (see Configuration guide, JavaDoc) so you don't have to process these headers in your code manually.

Incorrect proxy header values could result in incorrect output when request.getRequestURI() or request.getRequestURL() attempts to construct the originating URL.

This was the solution of the problem. Extending this, [read the server.xml Connector docs!](https://tomcat.apache.org/tomcat-8.0-doc/config/http.html) — peterh, May 29 '18 at 14:56

score 2 · Answer 4 · answered Mar 10 '20 at 05:21

2

I know this is a Java question, but if you're using Kotlin you can do this quite nicely:

val uri = request.run {
    if (queryString.isNullOrBlank()) requestURI else "$requestURI?$queryString"
}

answered Mar 10 '20 at 05:21

Adam Millerchip

20,844
5
51
74

score 0 · Answer 5 · answered Aug 19 '22 at 02:05

For Spring users, ServletUriComponentsBuilder handles this.

// autowire HttpServletRequest to use here
String fullURL = ServletUriComponentsBuilder.fromRequest(request).build().toString();
// or use current request
String fullURL = ServletUriComponentsBuilder.fromCurrentRequest().build().toString();

Get full URL and query string in Servlet for both HTTP and HTTPS requests

5 Answers5

Use the snippet below:

Proxied requests

Simply Use:

Linked