https://github.com/gruelbox/dropwizard-https-redirect

A small dropwizard bundle which will redirect any incoming HTTP requests to the equivalent HTTPS URL.

dropwizard dropwizard-bundle https redirect


README

          

# Dropwizard HTTPS redirection bundle

[![Build Status](https://travis-ci.org/gruelbox/dropwizard-https-redirect.svg?branch=master)](https://travis-ci.org/gruelbox/dropwizard-https-redirect)
[![Sonarcloud Security Rating](https://sonarcloud.io/api/project_badges/measure?project=com.gruelbox%3Adropwizard-https-redirect&metric=security_rating)](https://sonarcloud.io/dashboard?id=com.gruelbox%3Adropwizard-https-redirect)
[![Sonarcloud Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=com.gruelbox%3Adropwizard-https-redirect&metric=vulnerabilities)](https://sonarcloud.io/dashboard?id=com.gruelbox%3Adropwizard-https-redirect)
[![Sonarcloud Coverage](https://sonarcloud.io/api/project_badges/measure?project=com.gruelbox%3Adropwizard-https-redirect&metric=coverage)](https://sonarcloud.io/dashboard?id=com.gruelbox%3Adropwizard-https-redirect)
[![CodeFactor](https://www.codefactor.io/repository/github/gruelbox/dropwizard-https-redirect/badge)](https://www.codefactor.io/repository/github/gruelbox/dropwizard-https-redirect)

[![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.gruelbox/dropwizard-https-redirect/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.gruelbox/dropwizard-https-redirect)
[![Javadocs](https://www.javadoc.io/badge/com.gruelbox/dropwizard-https-redirect.svg?color=blue)](https://www.javadoc.io/doc/com.gruelbox/dropwizard-https-redirect)

A small DropWizard bundle which will redirect any incoming HTTP requests to the equivalent HTTPS URL. It handles both cases: where the application hosts HTTP and HTTPS directly, and where it sits behind an SSL proxy and receives all traffic as HTTP.

Also protects against [HTTP Response Splitting](https://resources.infosecinstitute.com/http-response-splitting-attack/) attacks.

## Usage

### Add to your pom.xml

```
<dependency>
  <groupId>com.gruelbox</groupId>
  <artifactId>dropwizard-https-redirect</artifactId>
  <version>0.0.4</version>
</dependency>
```

### Set up configuration

Modify your application configuration class so that it `implements HttpEnforcementConfiguration`.

The `isHttpsOnly()` property enables or disables the redirection. It usually makes sense to disable it in configuration when testing locally.

The `getHttpResponsibility()` property is extremely important:

- If your application is exposed directly to the internet without any sort of proxy (so your application manages its own SSL certificates) set this to `HTTPS_DIRECT`. The bundle will check the servlet request directly to ensure that it is secure.
- If your application is hosted behind a proxy, and the proxy is managing the SSL side of things and forwarding both HTTP and HTTPS to your application as plain old HTTP (common with platforms such as [Heroku](https://www.heroku.com/)), we have to rely on the proxy to tell us what the original protocol was using the `X-Forwarded-Proto` header. Most proxies do this, but _do check yours_. To enable this, use `HTTPS_AT_PROXY`.
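
The difference between the two settings, and the CR/LF check that guards the `Location` header against response splitting, can be sketched in plain Java. This is an added example, not the bundle's own code: the class, enum and method names are hypothetical, the sample URLs are constructed, and it assumes HTTPS is served on the default port.

```java
import java.net.URI;
import java.util.Optional;

// Added illustration, not the bundle's source; every name below is hypothetical.
public class HttpsRedirectDecision {

    enum Responsibility { HTTPS_DIRECT, HTTPS_AT_PROXY }

    /**
     * @param secure         result of ServletRequest.isSecure() for this connection
     * @param forwardedProto X-Forwarded-Proto header value, or null when absent
     * @param requestUrl     URL as received (scheme, host, path and query)
     * @return the HTTPS URL to redirect to, or empty when the request was already HTTPS
     */
    static Optional<String> redirectTarget(Responsibility mode, boolean secure,
                                           String forwardedProto, String requestUrl) {
        // Behind a TLS-terminating proxy every connection looks insecure to the servlet
        // container, so only the proxy's header can tell HTTP from HTTPS.
        boolean wasHttps = mode == Responsibility.HTTPS_DIRECT
                ? secure
                : "https".equalsIgnoreCase(forwardedProto); // absent header = not HTTPS
        if (wasHttps) {
            return Optional.empty();
        }
        // Reject CR/LF so the value cannot end the Location header and begin another
        // (HTTP response splitting).
        if (requestUrl.indexOf('\r') >= 0 || requestUrl.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("CR/LF in request URL");
        }
        URI in = URI.create(requestUrl);
        if (in.getHost() == null) {
            throw new IllegalArgumentException("request URL has no host");
        }
        // Assumption: HTTPS is served on the default port, so the inbound port is dropped.
        String query = in.getRawQuery() == null ? "" : "?" + in.getRawQuery();
        return Optional.of("https://" + in.getHost() + in.getRawPath() + query);
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        System.out.println(redirectTarget(Responsibility.HTTPS_AT_PROXY, false, "http",
                "http://example.com/orders?id=7"));
        System.out.println(redirectTarget(Responsibility.HTTPS_AT_PROXY, false, "https",
                "http://example.com/orders?id=7"));
        System.out.println(redirectTarget(Responsibility.HTTPS_DIRECT, true, null,
                "https://example.com/orders?id=7"));
    }
}
```

Because `HTTPS_AT_PROXY` trusts a request header, it is only sound when the application is reachable solely through the proxy and the proxy sets `X-Forwarded-Proto` itself rather than passing through a client-supplied value.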

### Install the bundle

In your `Application`, modify `initialize()`:

```
@Override
public void initialize(final Bootstrap bootstrap) {
    // Register the bundle so HTTP requests are redirected to HTTPS
    bootstrap.addBundle(new HttpsEnforcementBundle());
}
```

That's it!

## Credit

The POM and Travis build borrow heavily from other projects. See [oss-archetype](https://github.com/gruelbox/oss-archetype#credit) for credits.