Thanks for the super quick reply, Chuck! Here's what I did. I changed the redirectPort on the following two Connector elements. From 8443 to 443. And that did the trick.
/* Previously */ <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> /* Currently */ <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" /> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" /> You were saying that I should handle the forced HTTPS redirection of certain pages on the httpd end, right? Can you please elaborate on how to do it or give me pointers on how it could be done? Thank you!! Joe On Mon, Jan 4, 2010 at 2:57 PM, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote: >> From: Joe Hansen [mailto:joe.hansen...@gmail.com] >> Subject: Help with security-constraint in web.xml >> >> What do I need to do so that the user is directed to >> https://ourwebsite.com/spring_security_login instead > > Fix the redirectPort attribute in your <Connector> elements in > conf/server.xml. > > BTW, since you are front-ending Tomcat with httpd, it would be more efficient > to have httpd handle the SSL stuff, and let Tomcat see the requests in plain > text - assuming you have a secure connection between httpd and Tomcat. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
