Stephan Markwalder
Reputation: 233
Force Tomcat to redirect to HTTPS without changing web.xml security constraints
I already know how to configure Tomcat so that it redirects HTTP requests to HTTPS:
- enable and configure the SSL connector
- set correct "redirectPort" attribute on the non-SSL connector
- modify web.xml and set the "transport-guarantee" to "CONFIDENTIAL"
My question is: Is there a way to achieve the same result WITHOUT modifying the web.xml file?
I'm looking for a solution where I do not have to change the web application, which is deployed as WAR file. So changes like adding a servlet filter or implementing the redirect inside the web application are not an option.
Thanks for any help!
Stephan
Upvotes: 2
Views: 3316
Answers (2)
Ingar Bekkelund
Reputation: 31
If you don't want to modify the application WAR file, you can also add this entry to the server WEB.XML (/tomcat/conf/web.xml) and limit which webapps this parameter applies to?
Upvotes: 3
Related Questions
- Redirect HTTP to HTTPS:PORT in Tomcat
- force ssl in tomcat 7
- How to enable both HTTP and HTTPS in Tomcat without redirect?
- How to enforce https with tomcat?
- Use HTTPS only for certain pages in servlet based webapp
- Using webapp's web.xml to redirect to SSL for login page
- web.xml security-constraint is not returning back to http from https
- Tomcat - can i force NON https?
- How to avoid redirecting to SSL port
- configure Tomcat to support SSL or https