Let's say that SSL secured app is running on non-default HTTPS port 9999.
When user will access a page like this:
https://myapp.com:9999
a proper response will be returned.
But when he will try to access a page through a non secured way - like this:
http://myapp.com:9999
this is the returned response (hex):
15 03 01 00 02 02 0A
which actually means:
15 alert
03 01 Version
00 02 Length
02 0A Fatal-unexpected message
Now the question is whether it is possible to redirect user from HTTP to HTTPS using Restlet in this case?
PS: Note that redirection/URI-rewriting with Apache or similar solution is not what I am looking for.
It's not easy to redirect from HTTP to HTTPS on the same port. Normally a port is dedicated to each protocol. When you see a redirect from http to https on a public website (using the default ports) the first request is to http://example.com (which the browser will request over port 80, the default for HTTP) and it returns a response that is a redirect to https://example.com (which the browser will request over port 443, the default for HTTPS).
When using an application server such as Restlet, a typical way to handle this redirect is to put a web server such as Apache httpd in front of it, listening to HTTP on port 80 and HTTPS on port 443, and proxying both of them to port 9999 (which you need not expose to the Internet, since it would only be accessed over loopback).
But when you connect to http://myapp.com:9999, your application server is expecting a TLS handshake first and foremost, and your browser or user agent is not going to provide that as it's not required for the vanilla HTTP protocol. That said, you might be able to come up with a way to detect the protocol that the browser is using and dynamically respond in suit. For a more detailed explanation of a creative way to do this, see this node.js protocol detection example. If you really must use a single port for two protocols, it might possible to do the same thing in Restlet.