Yea I thought of this, the problem is I currently have a user area that requires a login and all this is currently configured in web.xml and I'm not sure how all this will fit together. I'll try a few things out and see what happens.
Thanks for taking the time to respond Duncan On 17 December 2014 at 17:20, Mark Thomas <ma...@apache.org> wrote: > On 17/12/2014 17:10, Lyallex wrote: >> Tomcat 7.0.42 >> jdk1.7.0_51 >> Ubuntu 12.04/CentOS dev/deploy >> >> I have been reading more and more about Google and the like >> prioritising sites that employ https/ssl by default. Currently my site >> does not use https but delegates payment to a secure payment provider >> who does, thusly I have avoided going through the pain of >> certification etc, now it appears I have little option but to >> implement https site wide. I have managed to get a keystore going and >> have configured tomcat to serve a self signed certificate when >> accessing the site by https (default port 443) >> >> so http://localhost accesses the home page >> and https://localhost pops up a warning in Firefox regarding an >> unknown certification authority. This is all good and I'm pretty sure >> I understand so far. >> >> I have noticed that if I type http://www.google.co.uk in to a browser >> the address is automatically changed (redirected) to >> https://www.google.co.uk and I would like the same to happen to my >> site. >> >> Here is the question. >> Is this 'redirection' something I need to configure myself , (can it >> be done in server.xml for example) or is this something the people I >> rent my server from need to do at their end. > > It depends on exactly how things are set up. > > The first thing I would try is adding something like the following to > your web.xml: > > <security-constraint> > <web-resource-collection> > <web-resource-name>Everything</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> > > If I have remembered my syntax correctly, that should route every > request to https if it isn't already. > > Mark > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org