Enforce Https routing for login with play framework

后端未结

关注

 6  2151

滥情空心 2020-12-05 03:22

I want to enforce https routing for the login page only of my application.

Is it possible to do so with Play! without the use of a front end http server?

6条回答

天涯浪人 (楼主)

2020-12-05 03:30

Here is an example that works with Java Play 2.1.1 and Heroku.

public class ForceHttps extends Action {

    // heroku header
    private static final String SSL_HEADER = "x-forwarded-proto";

    @Override
    public Result call(Context ctx) throws Throwable {
        final Result result;
        if (Play.isProd() && !isHttpsRequest(ctx.request())) {
            result = redirect("https://" + ctx.request().host()
                    + ctx.request().uri());
        }
        else {
            // let request proceed
            result = this.delegate.call(ctx);
        }
        return result;
    }

    private static boolean isHttpsRequest(Request request) {
        // heroku passes header on
        return request.getHeader(SSL_HEADER) != null
                && request.getHeader(SSL_HEADER)
                        .contains("https");
    }

}

Then to any controllers you want to check for https, add @With(ForceHttps.class). Or if you want all controllers to check, then add a class HttpsController extends Controller and have all your classes extend HttpsController.

e.g.

@With(ForceHttps.class)
public class HttpsController extends Controller {

}

0 讨论(0)

查看其它6个回答