REST make sure transport is HTTPS?

Question

I have a Restful Web Service written in Java:

Example:

@GET
@PATH("/foo")
public Response getFoo(){
... 
}

and a filter

public void doFilter(ServletRequest req, ServletResponse response, FilterChain chain) {
   ....
}

How can i make sure that incoming requests and sent responses from my REST API are transported by HTTPS?

I think you want to look at the in web.xml https://docs.oracle.com/cd/E19226-01/820-7627/bncbk/index.html — Mike Barlotta, Feb 29 '16 at 15:48

score 0 · Accepted Answer · answered Feb 29 '16 at 15:39

If you have access to ServletRequest, you can use ServletRequest.isSecure to determine whether it was HTTPS or not.

Be careful, if your application gets deployed behind some frontend servers that extract HTTPS for you, you have to do something different. Usually check some headers or similar.

REST make sure transport is HTTPS?

1 Answers1