Need to have http redirect to https within Tomcat.
Here is a good page on setting up SSL for Tomcat tomcat-6.0-doc/ssl-howto.html
1. Change Tomcat’s server.xml.
(<application>/tomcat/conf/server.xml)
Edit the non-SSL <Connector> entry listening on port 80 and add or
edit the redirectPort atribute to point to the port on which the SSL
<Connector> is listening. By default, the redirectPort was pointing
to port 443. Note: if you have an internal system running SSL on port 21101, for example, and your site uses a global load balancer, then you need to redirect to port 443. Otherwise, the URL would be rewritten as https://your.site.com:21101 which would fail at the loadbalancer.
Was:
Connector port=”80″
enableLookups=”false”
redirectPort=”8443″
maxThreads=”100″
minSpareThreads=”100″
maxSpareThreads=”100″
Changed to:
Connector port=”80″
enableLookups=”false”
redirectPort=”443″
maxThreads=”100″
minSpareThreads=”100″
maxSpareThreads=”100″
2. Setup a security constraint in the Tomcat web.xml file.
In the Tomcat web.xml file the following <security> has
to be added within the <web> element. This new element must be
added after the <servlet> element: Note: The Tomcat documentation states that https will only be redirected to the Port listed if there is a <security> listed for some path. I found the best location to add the info is just prior to the last line in the web.xml
Place the following code just above the last line (</web>) in the web.xml file
(<application>/tomcat/conf/web.xml)
<pre><security>
<web>
<web>Application Name</web>
<url>/*</url>
</web>
<user>
<transport>CONFIDENTIAL</transport>
</user>
</security>
Need to have http redirect to https within Tomcat.
Here is a good page on setting up SSL for Tomcat tomcat-6.0-doc/ssl-howto.html
1. Change Tomcat’s server.xml.
(<application>/tomcat/conf/server.xml)
Edit the non-SSL <Connector> entry listening on port 80 and add or
edit the redirectPort atribute to point to the port on which the SSL
<Connector> is listening. By default, the redirectPort was pointing
to port 443. Note: if you have an internal system running SSL on port 21101, for example, and your site uses a global load balancer, then you need to redirect to port 443. Otherwise, the URL would be rewritten as https://your.site.com:21101 which would fail at the loadbalancer.
Was:
Connector port=”80″
enableLookups=”false”
redirectPort=”8443″
maxThreads=”100″
minSpareThreads=”100″
maxSpareThreads=”100″
Changed to:
Connector port=”80″
enableLookups=”false”
redirectPort=”443″
maxThreads=”100″
minSpareThreads=”100″
maxSpareThreads=”100″
2. Setup a security constraint in the Tomcat web.xml file.
In the Tomcat web.xml file the following <security> has
to be added within the <web> element. This new element must be
added after the <servlet> element: Note: The Tomcat documentation states that https will only be redirected to the Port listed if there is a <security> listed for some path. I found the best location to add the info is just prior to the last line in the web.xml
Place the following code just above the last line (</web>) in the web.xml file
(<application>/tomcat/conf/web.xml)
<security> <web> <web>Application Name</web> <url>/*</url> </web> <user> <transport>CONFIDENTIAL</transport> </user> </security>
