JDK-4959149 : Can't achieve automatic HTTP and HTTPS redirection with current API
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 6
  • Priority: P4
  • Status: Closed
  • Resolution: Not an Issue
  • OS: generic
  • CPU: generic
  • Submitted: 2003-11-24
  • Updated: 2017-07-24
  • Resolved: 2017-07-24
Related Reports
Relates :  
Relates :  
Description
At present, JDK treats HTTP and HTTPS as two separate protocols, with java.net.HttpURLConnection and javax.net.ssl.HttpsURLConnection be the public APIs for accessing the two protocol handlers. However, doing so will prevent  automatic and seemless HTTP redirection between these them. 'cause this entails we change the transport layer from a plain socket to a ssl socket and vise versa, in effect, bluring the distinction between the JDK's current two protocol notion,  and could lead to issues with security and the JCK specification.

To do it right, we need to:

1. Fold in the https specific functionalities into http handler, both
APIs and implementation needs to be changed.
and
2. Deprecate javax.net.ssl.HttpsURLConnection

See attached example and output result.

Comments
HttpURLConnection provides get|set follow redirects. For obvious reasons HTTPS to HTTP redirects are no allowed. If this is not sufficient, then the new HTTP Client API can be use.
2017-07-24

CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: mustang
2004-06-14

EVALUATION See description and comments. Will fix for Mustang. ###@###.### 2003-11-25
2003-11-25