GithubHelp home page GithubHelp logo

gruelbox / dropwizard-https-redirect Goto Github PK

View Code? Open in Web Editor NEW
0.0 2.0 1.0 138 KB

A small dropwizard bundle which will redirect any income HTTP requests to the equivalent HTTPS URL.

License: Apache License 2.0

Java 100.00%
dropwizard dropwizard-bundle https redirect

dropwizard-https-redirect's Introduction

Dropwizard HTTPS redirection bundle

Build Status Sonarcloud Security Rating Sonarcloud Vulnerabilities Sonarcloud Coverage CodeFactor

Maven Central Javadocs

A small DropWizard bundle which will redirect any incoming HTTP requests to the equivalent HTTPS URL. Handles both the cases where the application is hosting both HTTP and HTTPS directly or where it is sitting behind an SSL proxy and receiving all traffic as HTTP.

Also protects against HTTP Response Splitting attacks.

Usage

Add to your pom.xml

<dependency>
  <groupId>com.gruelbox</groupId>
  <artifactId>dropwizard-https-redirect</artifactId>
  <version>0.0.4</version>
</dependency>

Set up configuration

Modify your application configuration class so that it implements HttpEnforcementConfiguration.

The isHttpsOnly() property enables or disables the redirection. It usually makes sense to disable it in configuration when testing locally.

The getHttpResponsibility() property is extremely important:

  • If your application is exposed directly to the internet without any sort of proxy (so your application manages its own SSL certificates) set this to HTTPS_DIRECT. The bundle will check the servlet request directly to ensure that it is secure.
  • If your application is hosted behind a proxy, and the proxy is managing the SSL side of things and forwarding both HTTP and HTTPS to your application as plain old HTTP (common with platforms such as Heroku), we have to rely on the proxy to tell us what the original protocol was using the X-Forwarded-Proto header. Most proxies do this, but do check yours. To enabled this, use HTTPS_AT_PROXY.

Install the bundle

In your Application, modify initialise():

  @Override
  public void initialize(final Bootstrap<MyConfiguration> bootstrap) {
    bootstrap.addBundle(new HttpsEnforcementBundle());
  }

That's it!

Credit

The POM and Travis build borrow heavily from other projects. See oss-archetype for credits.

dropwizard-https-redirect's People

Contributors

badgerwithagun avatar dependabot-preview[bot] avatar dependabot-support avatar dependabot[bot] avatar

Watchers

avatar avatar

Forkers

badgerwithagun

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.