Dunc
Reputation: 8068
HTTPS with Java Server Faces
I'm trying to deploy my Java Server Faces app on tomcat. I want the app only to be accessible using HTTPS. I'm finding that when I move from page to page the application falls back to http. If I modify the url in the browser to use https then the page is displayed.
I'm clearly missing some configuration somewhere. Can anyone suggest where?
Upvotes: 2
Views: 462
Answers (1)
Alexander Pogrebnyak
Reputation: 45596
2 things you can do:
Disable HTTP connector in server.xml.
Add this <security-constraint> to your web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Web App</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
This will automatically redirect all HTTP requests to HTTPS.
Upvotes: 1
Related Questions
- Webserver handling SSL connection for Tomcat Servlet
- Tomcat - Two Way SSL as Server
- Hitting Tomcat HTTPS URL with a Java Client
- Spring web and tomcat with https
- Calling Https Url
- Java EE/Java Browser Security
- configure Tomcat to support SSL or https
- Java Application using Https Connection:"Connection refused error"
- HTTPS issue with TOMCAT running behind Apache
- SSL Connection from Java client