We have a website that can be accessed with both http and https.
We need all the pages to be accessed with http, which is working fine, but when users are logged into the site we need all the authenticated pages to be displayed with https.
Please let us know what the easiest way to achieve this is.
Thanks
Srinivas
You could use a filter:
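    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class MyFilter implements Filter {
        private FilterConfig conf;

        public void doFilter(ServletRequest request, ServletResponse response,
                FilterChain chain) throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse resp = (HttpServletResponse) response;
            // Redirect only authenticated users who arrived over plain http
            if (req.getRemoteUser() != null && req.getScheme().equals("http")) {
                String url = "https://" + req.getServerName()
                        + req.getContextPath() + req.getServletPath();
                if (req.getPathInfo() != null) {
                    url += req.getPathInfo();
                }
                // Keep the query string so request parameters survive the redirect
                if (req.getQueryString() != null) {
                    url += "?" + req.getQueryString();
                }
                resp.sendRedirect(url);
            } else {
                chain.doFilter(request, response);
            }
        }

        public FilterConfig getFilterConfig() {
            return conf;
        }

        public void setFilterConfig(FilterConfig filterConfig) {
            conf = filterConfig;
        }

        public void destroy() {
        }

        public void init(FilterConfig filterConfig) {
            conf = filterConfig;
        }
    }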
Here's my Scala solution on Jetty (I'm using Jetty standalone, no WAR).
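    import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
    import org.eclipse.jetty.server.Request
    import org.eclipse.jetty.server.handler.ContextHandler

    class RedirectHandler extends ContextHandler {
      override def doHandle(target: String, baseRequest: Request,
          request: HttpServletRequest, response: HttpServletResponse): Unit = {
        // Plain-http requests are answered here; https requests fall through to the next handler
        if ("http" == request.getScheme.toLowerCase) {
          baseRequest setHandled true
          response sendRedirect s"https://${request.getServerName}${request.getContextPath}"
        }
      }
    }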
Add a connector to the server on ports 80, 8080, &c.
Add this handler to the front of the chain of handlers.
With magic.
Just kidding.
You have some sort of routine that runs on every page that checks whether a user is logged in, correct? Well, just add some logic in that routine that also checks the current URL and redirects to the https version if you're not already at it.
    if current url is not https:
        redirect to replace(current url, 'http://', 'https://')
You can achieve this easily with Apache.
Assuming you have got the user contents nested in the 'protected' path, this will forward every request starting with '/protected' to your HTTPS host:

    # HTTP redirect configuration
    <VirtualHost *:80>
        RewriteEngine on
        RewriteRule ^/protected/ https://hostname/ [R]
    </VirtualHost>

Using this approach, the rest of the URI will be lost and users should navigate again to where they want to go.
Check if user is logged in, then check if connection is HTTPS.
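    // checkIfUserIsLoggedIn() stands for the application's own login check
    if (checkIfUserIsLoggedIn()) {
        $val = ((@$_SERVER['SERVER_PORT_SECURE'] == 1) || (@$_SERVER['HTTPS'] == 'on')) ? 'https://' : 'http://';
        if ($val == 'http://') {
            // reload the page if it is not https
            header('Location: https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
            exit; // stop here so the rest of the page is not sent over http
        }
    }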
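The redirect answers above all assemble the `https://` target from request values. As an added example (not code from any of the answers), this plain-JDK helper builds that target while keeping the full path and query string and refusing to echo an unknown host name into the `Location` header. The names `ALLOWED_HOSTS` and `CANONICAL_HOST` and the example.com hosts are assumptions made for the illustration.

```java
import java.util.Locale;
import java.util.Set;

public class HttpsRedirectUrl {

    // Assumption: the host names this site is really served under.
    static final Set<String> ALLOWED_HOSTS = Set.of("www.example.com", "example.com");
    static final String CANONICAL_HOST = "www.example.com";

    /** Redirect only authenticated requests that arrived over plain http. */
    static boolean needsRedirect(String scheme, String remoteUser) {
        return remoteUser != null && "http".equalsIgnoreCase(scheme);
    }

    /**
     * @param serverName  HttpServletRequest.getServerName()
     * @param requestUri  HttpServletRequest.getRequestURI() (still URL-encoded)
     * @param queryString HttpServletRequest.getQueryString(), may be null
     * @param httpsPort   port of the HTTPS connector
     */
    static String httpsUrl(String serverName, String requestUri,
                           String queryString, int httpsPort) {
        // getServerName() is taken from the client-supplied Host header,
        // so an unrecognised value is replaced by the canonical host.
        String host = serverName == null ? "" : serverName.toLowerCase(Locale.ROOT);
        if (!ALLOWED_HOSTS.contains(host)) {
            host = CANONICAL_HOST;
        }
        StringBuilder url = new StringBuilder("https://").append(host);
        if (httpsPort != 443) {
            url.append(':').append(httpsPort);   // non-default HTTPS port
        }
        // Keep the whole path; fall back to "/" if it is missing or malformed.
        url.append(requestUri != null && requestUri.startsWith("/") ? requestUri : "/");
        if (queryString != null && !queryString.isEmpty()) {
            url.append('?').append(queryString); // parameters survive the redirect
        }
        return url.toString();
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        if (needsRedirect("http", "srinivas")) {
            System.out.println(httpsUrl("www.example.com", "/shop/cart/view", "id=7&tab=2", 443));
        }
        System.out.println(httpsUrl("unknown-host.invalid", "/shop/cart", null, 8443));
    }
}
```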