On Thu, 26 Jul 2001, Bernhard Wraase wrote:
> In the docs it seems simple...
> Even in the thread recently
>
> But it doesn't work.
> Each request works:
> http://127.0.0.1:8080 -> http://127.0.0.1:8080/index.html
> https://127.0.0.1:8443 -> https://127.0.0.1:8443/index.html
>
> But I want this:
> http://127.0.0.1:8080 -> https://127.0.0.1:8443/index.html
>
If you want Tomcat 4.0 to automatically do this redirect for you, then you
need to set up a security constraint inside the web.xml file of your ROOT
web app, and have that constraint require SSL. For example:

    <web-app>
      ...
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>The Entire Web App</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      ...
    </web-app>

In this scenario, we do not have an <auth-constraint>, so we will never
challenge the user for a username or password. However, the transport
guarantee says that this entire webapp (i.e. all URIs that match "/*") can
only be accessed via SSL, so Tomcat will do an automatic redirect (to port
8443 in this case, because of your server.xml configuration below).
Craig McClanahan
> The server.xml looks like:
>
> <Service name="Tomcat-Standalone">
>
>   <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
>   <Connector
>       className="org.apache.catalina.connector.http.HttpConnector"
>       port="8080" minProcessors="5" maxProcessors="75"
>       enableLookups="true" redirectPort="8443"
>       acceptCount="10" debug="0" connectionTimeout="60000"/>
>   <!-- Note : To disable connection timeouts, set connectionTimeout value
>        to -1 -->
>
>   <!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
>   <Connector
>       className="org.apache.catalina.connector.http.HttpConnector"
>       port="8443" minProcessors="5" maxProcessors="75"
>       enableLookups="true"
>       acceptCount="10" debug="0" scheme="https" secure="true">
>     <Factory
>         className="org.apache.catalina.net.SSLServerSocketFactory"
>         keystorePass="nordwest" clientAuth="false"
>         protocol="TLS"/>
>   </Connector>
> --snip--
> --snap--
> </Service>
>
> Any suggestions?
> --
> TIA Bernhard Wraase
>
>
>
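
An added example, not part of the original thread or of Tomcat: a Python check over constructed web.xml and server.xml samples modelled on the configuration above. It reports which URL patterns require CONFIDENTIAL transport and whether each non-SSL connector's redirectPort points at a connector marked secure="true"; the function names are illustrative, and it assumes DTD-style descriptors without XML namespaces.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the thread's web.xml and server.xml.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

SERVER_XML = """<Service name="Tomcat-Standalone">
  <Connector port="8080" redirectPort="8443"/>
  <Connector port="8443" scheme="https" secure="true"/>
</Service>"""


def confidential_patterns(web_xml):
    """URL patterns whose constraint requires CONFIDENTIAL transport."""
    patterns = []
    # Assumption: element names carry no XML namespace prefix.
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        guarantee = sc.findtext("user-data-constraint/transport-guarantee", "")
        if guarantee.strip() == "CONFIDENTIAL":
            patterns += [p.text.strip() for p in sc.iter("url-pattern") if p.text]
    return patterns


def redirect_findings(server_xml):
    """Map each non-secure connector port to the state of its redirectPort."""
    conns = list(ET.fromstring(server_xml).iter("Connector"))
    secure_ports = {c.get("port") for c in conns if c.get("secure") == "true"}
    findings = {}
    for c in (c for c in conns if c.get("secure") != "true"):
        target = c.get("redirectPort")
        if target is None:
            findings[c.get("port")] = "no redirectPort set"
        elif target not in secure_ports:
            findings[c.get("port")] = "redirectPort %s is not a secure connector" % target
        else:
            findings[c.get("port")] = "redirects to %s" % target
    return findings


if __name__ == "__main__":
    print(confidential_patterns(WEB_XML), redirect_findings(SERVER_XML))
```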