How can I link from secure to non-secure pages or vice-versa (HTTP -> HTTPS) in my JSP or servlet code without always hardcoding the "https://..." or "http://..." string? I'd like to be able to use things like RequestDispatcher.forward() or relative URLs when our users go back and forth between secure and non-secure pages.
Unfortunately if you want secure or non-secure pages, you must specify https or http, and you cannot use relative URIs. RequestDispatcher.forward() is an internal routing of a servlet request, but this just allows you to return one page within the security concept of the original request. It does not take the user back and forth between secure and non-secure pages. The only way to do this is to send them to a new URL that begins with http or https.