isSecure() method is defined in ServletRequest interface from javax.servlet package and inherited by HttpServletRequest.
With isSecure() method, the servlet programmer can know whether the client is using a secured protocol (HTTPS) or not while calling the servlet. If secured protocol is used, this method returns true else false.
Let us see what Java API says about isSecure() method.
- boolean isSecure(): Returns a boolean indicating whether this request was made using a secure channel, such as HTTPS.
The method isSecure() returns a boolean value indicating whether the client uses secured protocol or not to call the servlet.
Let us see the output by writing a program.
HTML Program: ClientData.html
Observe, the client uses http in attribute ACTION.
web.xml entry for ClientInformation servlet
efgh
ClientInformation
efgh
/jasmine
Servelet Program: ClientInformation.java
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
public class ClientInformation extends HttpServlet
{
public void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException
{
res.setContentType("text/html");
PrintWriter out = res.getWriter();
boolean b1 = req.isSecure();
out.println("req.isSecure() : " + b1);
out.close();
}
}
Output screen of ClientData.html with text field filled up. Anyhow, the text field does not have any purpose here.
The output screen when submit button is clicked.
Because the client is using http and not https, the output screen above shows a false value.
Note: Instead of http if https is used in the client program, the browser tries to establish a secure connection with the server and if unable throws ERR_SSL_PROTOCOL_ERROR with the message "Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don’t have."
Excellent explanation of servlets