On Thu, 26 Jul 2001, Bernhard Wraase wrote:

> In the docs it seems simple...
> Even in the thread recently
> 
> But it doesn't work.
> Each request works:
> http://127.0.0.1:8080 ->http://127.0.0.1:8080/index.html
> https://127.0.0.1:8443 ->https://127.0.0.1:8443/index.html
> 
> But I want this:
> http://127.0.0.1:8080 ->https://127.0.0.1:8443/index.html
> 

If you want Tomcat 4.0 to automatically do this redirect for you, then you
need to set up a security constraint inside the web.xml file of your ROOT
web app, and have that constraint require SSL.  For example:

  <web-app>

    ...

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>The Entire Web App</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

    ...

  </web-app>

In this scenario, we do not have an <auth-constraint>, so we will never
challenge the user for a username or password.  However, the transport
guarantee says that this entire webapp (i.e. all URIs that match "/*") can
only be accessed via SSL, so Tomcat will do an automatic redirect (to port
8443 in this case, because of your server.xml configuration below).

Craig McClanahan


> The server.xml looks like:
> 
>   <Service name="Tomcat-Standalone">
> 
>     <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
>     <Connector className="org.apache.catalina.connector.http.HttpConnector"
>                port="8080" minProcessors="5" maxProcessors="75"
>                enableLookups="true" redirectPort="8443"
>                acceptCount="10" debug="0" connectionTimeout="60000"/>
>     <!-- Note : To disable connection timeouts, set connectionTimeout value
>      to -1 -->
> 
>     <!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
>     <Connector className="org.apache.catalina.connector.http.HttpConnector"
>                port="8443" minProcessors="5" maxProcessors="75"
>                enableLookups="true"
>                acceptCount="10" debug="0" scheme="https" secure="true">
>       <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
>                keystorePass="nordwest" clientAuth="false"
>                protocol="TLS"/>
>     </Connector>
>  --snip--
> --snap--
>  </Service>
> 
> Any suggestions?
> --
> TIA Bernhard Wraase
> 
> 
> 
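
The redirect described in the reply above depends on two files agreeing: a transport guarantee in web.xml and a redirectPort in server.xml that points at a secure Connector. The following check is an added example, not code from either message or from Tomcat; the XML is constructed from the snippets in this thread, the function names are hypothetical, and constraint matching is simplified (any matching url-pattern counts).

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the web.xml and server.xml quoted in this thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""
SERVER_XML = """<Service name="Tomcat-Standalone">
  <Connector port="8080" redirectPort="8443"/>
  <Connector port="8443" scheme="https" secure="true"/>
</Service>"""

def pattern_matches(pattern, path):
    """Servlet-style url-pattern match: exact, '/prefix/*' (incl. '/*') or '*.ext'."""
    if pattern == path:
        return True
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return False

def requires_ssl(web_xml, path):
    """True if a constraint covering `path` carries a transport guarantee."""
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        tg = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if tg not in ("CONFIDENTIAL", "INTEGRAL"):
            continue
        if any(pattern_matches(p.text.strip(), path)
               for p in sc.iter("url-pattern") if p.text):
            return True
    return False

def redirect_target(web_xml, server_xml, host, port, path):
    """Return the https URL a plain-HTTP request should be sent to, or None."""
    if not requires_ssl(web_xml, path):
        return None
    conns = {c.get("port"): c for c in ET.fromstring(server_xml).iter("Connector")}
    incoming = conns.get(str(port))
    if incoming is None or incoming.get("secure") == "true":
        return None  # unknown port, or the request already arrived over SSL
    target = conns.get(incoming.get("redirectPort"))
    if target is None or target.get("secure") != "true":
        raise ValueError("redirectPort does not point at a secure Connector")
    return "https://%s:%s%s" % (host, target.get("port"), path)

if __name__ == "__main__":
    print(redirect_target(WEB_XML, SERVER_XML, "127.0.0.1", 8080, "/index.html"))
```
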


