How can I know if the request to the servlet was executed using HTTP or HTTPS?

I wrote a servlet in Java and I would like to know if the request to that servlet was executed using HTTP or HTTPS.

I thought I can use request.getProtocol() but it returns HTTP/1.1 on both methods.

Any ideas?

HttpServletRequest.isSecure() is the answer. The ServletContainer is responsible for returning true in the following cases:

• If the ServletContainer can itself accept requests on https.
• If there is a LoadBalancer in front of ServletContainer and the Load Balancer has got the request on https and has dispatched the same to the ServletContainer on plain http. In this case, the LoadBalancer sends X-SSL-Secure : true header to the ServletContainer, which should be honored.

The Container should also make this request attributes available when the request is received on https:

• javax.servlet.http.sslsessionid
• javax.servlet.request.key_size
• javax.servlet.request.X509Certificate