Best IT Recipes

URLConnection does not redirect

I can’t understand why Java HttpURLConnection does not redirect. I am using the following code to get this page :

 import java.net.URL; import java.net.HttpURLConnection; import java.io.InputStream; public class Tester { public static void main(String argv[]) throws Exception{ InputStream is = null; try { String bitlyUrl = "http://bit.ly/4hW294"; URL resourceUrl = new URL(bitlyUrl); HttpURLConnection conn = (HttpURLConnection)resourceUrl.openConnection(); conn.setConnectTimeout(15000); conn.setReadTimeout(15000); conn.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 6.0; ru; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)"); conn.connect(); is = conn.getInputStream(); String res = conn.getURL().toString(); if (res.toLowerCase().contains("bit.ly")) System.out.println("bit.ly is after resolving: "+res); } catch (Exception e) { System.out.println("error happened: "+e.toString()); } finally { if (is != null) is.close(); } } }

In addition, I get the following answer (this seems absolutely correct!):

 GET /4hW294 HTTP/1.1 Host: bit.ly Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; ru-RU; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) HTTP/1.1 301 Moved Server: nginx/0.7.42 Date: Thu, 10 Dec 2009 20:28:44 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive Location: https://www.myganocafe.com/CafeMacy MIME-Version: 1.0 Content-Length: 297

Unfortunately, the res variable contains the same URL and the stream contains the following (obviously Java HttpURLConnection does not match the redirect!):

 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML> <HEAD> <TITLE>Moved</TITLE> </HEAD> <BODY> <H2>Moved</H2> <A HREF="https://www.myganocafe.com/CafeMacy">The requested URL has moved here.</A> <P ALIGN=RIGHT><SMALL><I>AOLserver/4.5.1 on http://127.0.0.1:7400</I></SMALL></P> </BODY> </HTML>
+92
java redirect
Dec 10 '09 at 21:38
source share
7 answers

I do not think that it will be automatically redirected from HTTP to HTTPS (or vice versa).

Despite the fact that we know that it reflects HTTP, from the point of view of the HTTP protocol, HTTPS is just some other, completely different, unknown protocol. It would be unsafe to monitor redirects without user approval.

For example, suppose your application is configured for automatic client authentication. The user expects anonymous surfing because he uses HTTP. But if his client after HTTPS does not ask, his identity is displayed on the server.

+111
Dec 10 '09 at 22:05
source share

HttpURLConnection in its design will not automatically redirect from HTTP to HTTPS (or vice versa). After a redirect, serious security implications can occur. SSL (hence, HTTPS) creates a session that is unique to the user. This session can be reused for multiple requests. Thus, the server can track all requests made from one person. This is a weak form of identity and can be used. In addition, SSL handshake can request a client certificate. If sent to the server, the client identifier is transmitted to the server.

As Erickson points out, suppose the application is configured to automatically authenticate the client. The user expects anonymous surfing because he uses HTTP. But if his client follows HTTPS without a request, his identity is revealed on the server.

With this I realized, here is the code that will follow the redirects.

  URL resourceUrl, base, next; Map<String, Integer> visited; HttpURLConnection conn; String location; int times; ... visited = new HashMap<>(); while (true) { times = visited.compute(url, (key, count) -> count == null ? 1 : count + 1); if (times > 3) throw new IOException("Stuck in redirect loop"); resourceUrl = new URL(url); conn = (HttpURLConnection) resourceUrl.openConnection(); conn.setConnectTimeout(15000); conn.setReadTimeout(15000); conn.setInstanceFollowRedirects(false); // Make the logic below easier to detect redirections conn.setRequestProperty("User-Agent", "Mozilla/5.0..."); switch (conn.getResponseCode()) { case HttpURLConnection.HTTP_MOVED_PERM: case HttpURLConnection.HTTP_MOVED_TEMP: location = conn.getHeaderField("Location"); location = URLDecoder.decode(location, "UTF-8"); base = new URL(url); next = new URL(base, location); // Deal with relative URLs url = next.toExternalForm(); continue; } break; } is = conn.openStream(); ...
+50
Sep 25 '14 at 18:59
source share

Something called HttpURLConnection.setFollowRedirects(false) accident?

You can always call

 conn.setInstanceFollowRedirects(true);

if you want you to not affect the rest of the behavior of the application.

+26
Dec 10 '09 at 21:41
source share

As mentioned above, setFollowRedirect and setInstanceFollowRedirects only work when the redirected protocol is the same. those. from http to http and https to https.

setFolloRedirect is at the class level and sets this for all instances of the url connection, while setInstanceFollowRedirects is only for this instance. Thus, we can have different behavior for different instances.

I found a very good example here http://www.mkyong.com/java/java-httpurlconnection-follow-redirect-example/

+6
01 Oct '13 at 6:12
source share

Another option would be to use the Apache HttpComponents Client :

 <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> </dependency>

Sample code:

 CloseableHttpClient httpclient = HttpClients.createDefault(); HttpGet httpget = new HttpGet("https://media-hearth.cursecdn.com/avatars/330/498/212.png"); CloseableHttpResponse response = httpclient.execute(httpget); final HttpEntity entity = response.getEntity(); final InputStream is = entity.getContent();
+2
Jul 06 '18 at 16:16
source share

The correct answer, but you know you need to get the new location from the answer and use it as a URL

-one
Dec 10 '09 at 21:43
source share

HTTPUrlConnection is not responsible for handling the response of the object. This performance, as expected, it captures the contents of the requested URL. You can use the function to interpret the response. It cannot read developer intent without specification.

-four
Dec 10 '09 at 21:41
source share


More articles:


All Articles