While doing some SSL research last week, I stumbled on this:
https://confluence.sakaiproject.org/display/DOC/Sakai+Admin+Guide+-+Advanced+Tomcat++%28and+Apache%29+Configuration
If you wish to secure the entire tomcat installation (which can be done
regardless of how you provide SSL), add the following to
TOMCAT_HOME/conf/web.xml inside the web-app tags:
<!-- redirect all traffic to the SSL port -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Automatic SLL Forwarding</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
It worked for me (Linux, Tomcat 6.0.30, JRE 1.5.0_22).
On Tue, Feb 1, 2011 at 1:31 PM, <robert.jen...@surecomp.com> wrote:
> Hello all...
>
> I have configured ssl on tomcat 7 and I am able to access my application
> via ssl and non-ssl. What I am trying to figure out is how to configure
> tomcat so that my application is only available via ssl. Is there a way to
> do this? I have read the tomcat 7 document on ssl, but, did not take note of
> anything indicating how to do this.
>
> Thanks
>
> Bob Jenkin
>
> This mail was sent via Mail-SeCure System.
>
>
>
--
"Hell hath no limits, nor is circumscrib'd In one self-place; but where we
are is hell, And where hell is, there must we ever be" --Christopher
Marlowe, *Doctor Faustus* (v, 121-24)
