I have never tried that. I used to build a JavaScript to use the 403
(forbidden) error to redirect the web server. I'll try this the next time.
Appreciate the tip.

Cheers


-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of John Baker
Sent: Wednesday, March 13, 2013 4:32 PM
To: arslist@ARSLIST.ORG
Subject: Enforcing HTTPs for Mid Tier (or any Java web app)

Joe

You mention that it's not easy to force a redirect to the SSL port with 
most web servers.

There's a way you can achieve this in a Java web application (ie Mid 
Tier). Find the web.xml and add the following to the end of the file, 
immediately prior to </web-app>:

<security-constraint>
     <web-resource-collection>
         <web-resource-name>Mid Tier</web-resource-name>
         <url-pattern>/*</url-pattern>
     </web-resource-collection>
     <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
</security-constraint>

When a browser accesses http://host/arsys/jss-sso/index.jsp or 
http://host:8080/arsys/jss-sso/index.jsp etc, Tomcat sends an HTTP 302 
redirect, ie the HTTP header:

Location: https://host:8443/arsys/jss-sso/index.jsp

This is much neater than a JavaScript/client-side redirect.


John
-- 
JSS SSO Plugin for BMC ITSM, AR System, and more
http://www.javasystemsolutions.com/jss/ssoplugin
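
An added example, not part of either message above and not code from the list or from Mid Tier: a small audit script that parses a web.xml and reports whether it carries a security-constraint like the one quoted, with CONFIDENTIAL applied to /*. The function names and sample documents are constructed for illustration; the check goes slightly beyond the message by also treating a constraint limited to specific HTTP methods as not enforcing HTTPS.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip an XML namespace prefix: '{ns}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def enforces_https(web_xml_text):
    """True if a security-constraint applies CONFIDENTIAL to /* for every HTTP method."""
    root = ET.fromstring(web_xml_text)
    for sc in children(root, "security-constraint"):
        guarantees = [(g.text or "").strip()
                      for udc in children(sc, "user-data-constraint")
                      for g in children(udc, "transport-guarantee")]
        if "CONFIDENTIAL" not in guarantees:
            continue
        for wrc in children(sc, "web-resource-collection"):
            patterns = [(p.text or "").strip() for p in children(wrc, "url-pattern")]
            # Listing http-method / http-method-omission narrows the constraint
            # to some methods, so the remaining methods would stay on plain HTTP.
            limited = children(wrc, "http-method") or children(wrc, "http-method-omission")
            if "/*" in patterns and not limited:
                return True
    return False

# Constructed sample inputs (not taken from a real Mid Tier install).
SNIPPET = """<security-constraint>
  <web-resource-collection>
    <web-resource-name>Mid Tier</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>"""

def wrap(body):
    return '<web-app xmlns="http://java.sun.com/xml/ns/javaee">%s</web-app>' % body

HARDENED = wrap(SNIPPET)
MISSING = wrap("<display-name>Mid Tier</display-name>")
GET_ONLY = wrap(SNIPPET.replace("</url-pattern>", "</url-pattern><http-method>GET</http-method>"))
NARROW = wrap(SNIPPET.replace(">/*<", ">/shared/*<"))

if __name__ == "__main__":
    for name in ("HARDENED", "MISSING", "GET_ONLY", "NARROW"):
        print(name, enforces_https(globals()[name]))
```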
