CODEWITHSUNDEEP
spring-mvctomcat
We are Borg
We are Borg

Reputation: 5313

Port number 8443 is shown in the browser address bar when using Tomcat with HTTPS

I am working on a Spring MVC application and I have deployed that on a Tomcat installation on the server. In the configuration which I will post below of Tomcat and Spring, HTTP communication occurs on port 80 and HTTPS on port 8443.

Now when the application is deployed, I can see in the browser URL as

https://domainname.com:8443/nameOfPage

I don't want want to show the port number to the user. What should I do, kindly let me know.

Thank you.

Spring Security config.xml

<security:http create-session="ifRequired" use-expressions="true" auto-config="true" disable-url-rewriting="true">

    <security:form-login login-page="/"
                         default-target-url="/canvas/list"
                         always-use-default-target="false"
                         authentication-failure-url="/denied.jsp" />

    <security:remember-me key="_spring_security_remember_me"
                          user-service-ref="userDetailsService"
                          token-validity-seconds="1209600"
                          data-source-ref="dataSource" />

    <security:logout logout-success-url="/"
                     delete-cookies="JSESSIONID"
                     invalidate-session="true"
                     logout-url="/j_spring_security_logout" />

    <security:intercept-url pattern="/" requires-channel="https" access="permitAll" />
    <security:intercept-url pattern="/canvas/list" access="hasRole('ROLE_USER')" requires-channel="https" />
    <security:port-mappings>
        <security:port-mapping http="80" https="443" />
    </security:port-mappings>

</security>


Apache Tomcat server.xml:

<Connector port="80"
           protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<Connector port="8443"
           protocol="HTTP/1.1"
           SSLEnabled="true"
           maxThreads="150"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           keystoreFile="/path/to/keystore.jks"
           keystorePass="password" />

Upvotes: 1

Views: 2093

Answers (1)

CupawnTae
CupawnTae

Reputation: 14600

The only way to achieve this is to use port 443 instead.

The browser will always tell you if you're using a non-standard port, and the standard port for HTTPS is 443.

Similarly, for HTTP if you use any port other than 80, the port number will show in the address bar.

Upvotes: 3

Related Questions