Geek Answers Handbook

Is it possible that a site with a URL starting with "http: //" using the HTTPS protocol

I have a website whose URL starts with "http: //", but that gives me an exception with the message - Unsupported protocol: https. Is it possible that the site uses the HTTPS protocol, its URL starts with "http: //" and not "https: //".

public ActionForward executeAction(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception { ActionForward forward = mapping.findForward(Constants.SUCCESS); String link = "http://abc.fgh.jkl.mno"; URL thisURL; HttpURLConnection conn = null; try { thisURL = new URL(link); conn = (HttpURLConnection) thisURL.openConnection(); System.out.println(conn.getResponseCode()); System.out.println(conn.getResponseMessage()); } catch (Exception ex) { ex.printStackTrace(); } return forward; }

Stack trace

 java.net.ProtocolException: Unsupported protocol: https' at weblogic.net.http.HttpClient.openServer(HttpClient.java:342) at weblogic.net.http.HttpClient.New(HttpClient.java:238) at weblogic.net.http.HttpURLConnection.connect(HttpURLConnection.java:172) at weblogic.net.http.HttpURLConnection.followRedirect(HttpURLConnection.java:643) at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:422) at weblogic.net.http.SOAPHttpURLConnection.getInputStream(SOAPHttpURLConnection.java:36) at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:947) at com.cingular.cscape.da.struts.action.thisAction.executeAction(thisAction.java:56) at com.cingular.cscape.da.struts.action.BaseAction.execute(BaseAction.java:300) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:421) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:226) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42) at org.extremecomponents.table.filter.AbstractExportFilter.doFilter(AbstractExportFilter.java:53) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(Unknown Source) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
+8
java
source share
3 answers

Did you notice the unsurpassed apostrophe in the exception message?

 java.net.ProtocolException: Unsupported protocol: https' ^

Update: this apostrophe seems to be just the quirk of how WebLogic HttpClient prints this exception.

A problem was discovered in the chat session with the root of asker access : it accesses the http: // URL, redirecting it to the https: // URL. The web server at this https address serves a certificate that its JRE / HttpClient does not trust.

The actual exception should be an SSLKeyException. I think WebLogic HttpClient is not correctly defining this issue as an unsupported protocol issue. I think the main problem:

<Warning> <Security> <BEA-090477> javax.net.ssl.SSLKeyException: [Security:090477] Certificate chain received from www.X.com - nnn.nnn.nnn.nnn was not trusted causing SSL handshake failure.

This is a message that Asker sees when directly accessing the https: // URL (and not through the redirect chain).

By default, Java Http [s] URLConnection should be redirected automatically and silently. If you're curious where you are redirected, try this code:

 connection.setInstanceFollowRedirects(false); String location = connection.getHeaderField("Location"); System.out.println("Redirected to: " + location);

Note that the URL you are redirecting can also redirect you somewhere else over and over, up to http.maxRedirects times. Forwarding can "chain" this way. If they chain, you will need to continue redirecting until you reach a URL that will not redirect. This is why the URL connection eventually ends when setInstanceFollowRedirects(true) .

Also, I found the code in sun.net.www.protocol.http.HttpURLConnection, which apparently indicates that HttpURLConnection may not support switching protocols (HTTP β†’ HTTPS) as part of its automatic forwarding of the following logic

 private boolean followRedirect() throws IOException { // ... [snip] ... if (!url.getProtocol().equalsIgnoreCase(locUrl.getProtocol())) { return false; // ... [snip] ...

WebLogic has its own (different) implementation of HttpURLConnection, but may contain similar logic to prevent protocol switching. Thus, even if Asker solves its certificate trust issues, it still cannot use the HttpURLConnection to automatically follow the redirect chain going from HTTP to HTTPS. A setInstanceFollowRedirects(false) would be to use setInstanceFollowRedirects(false) and then redirect manually. Or directly access the HTTPS website.

+13
source

HTTP is a protocol that runs on TCP / IP. HTTPS is HTTP on a secure socket (SSL or newer TLS). Now what is a URL? This is a string that identifies the resource and looks something like this:

 scheme://host:port/path/to/resource

Please note that sometimes we do not provide a port number because some protcols have an associated known port number. For HTTP - 80, and for HTTPS - 443, so these numbers are implied. However, note that you can bind your server socket to any port that you want: if you tell your HTTP server program to bind its socket to port 8273 on localhost, he will gladly do it.

He said that in your case the message says "unsupported protocol: https ". We can only guess here, however I think that the string you pass the URL is not the one you think.

+5
source

Another possibility is an HTTP address responding with a 3xx redirect response to the HTTPS URL that your client is trying to execute but does not support. You can very easily capture network traffic using tcpdump or wirehark.

There are so many Java HTTP client libraries that support HTTPS, why not switch to one of them?

0
source

More articles:


All Articles