The default web.xml that is in the conf directory on a Windows install of
This is a snippet of the file when viewed through Notepad++.
I added the security contraint to the bottom of this file just before the
ending web-app tag.
I don't recall if this listserv frowns upon URL linking so if you google
"tomcat 8 http to https redirect", the first 3-4 links all say the exact
same thing as what I did to try and implement the http forwarding to https.
As I said in my previous email, it does work for the other web apps, but
the manager-gui seems to act odd. My other web apps do not use the same
type of authentication that the manager-gui does. This may be a red
herring, but that's why I posed the question to this listserv.
On Thu, Sep 22, 2016 at 11:38 AM, Mark Thomas <ma...@apache.org> wrote:
> On 22 September 2016 15:43:47 BST, Mike Johnson <mike.john...@nosm.ca>
> >I did a little more testing and it seems that only the Tomcat
> >Manager/Server (a.k.a. the logged in areas) of the default Tomcat
> >is acting this way. This is perhaps why I thought it was working on
> >My web apps are working as I expected them to, redirecting all traffic
> >the appropriate https url.
> >So, this may be a simpler question now: Can anyone explain to me what
> >happening in the Tomcat manager?
> >Tomcat manager's user prompt seems to override the switch of protocol.
> >to http://localhost/manager/html, never kicks me over to https)
> >Also, once I'm logged into the manager app, if I remove the 's' on
> >and hit enter, it reprompts for a login, and let's me into http.
> >If I continue on in the same session, I can actually use http with
> >seemingly using both sessions I've created :P really messed up.
> >Anyway, this isn't overly important as none of our admins will log into
> >manager remotely, so ssl into manager isn't required. It also seems to
> >fine with the webapp, which is the main goal.
> >On Thu, Sep 22, 2016 at 10:18 AM, Mike Johnson <mike.john...@nosm.ca>
> >> I'm clearly misunderstanding how to do this, but I can't seem to find
> >> appropriate documentation to get me to my goal.
> >> My goal is to have any http request directed to the https equivilant.
> >> On Tomcat 6, I was able to get it working, but something in my config
> >> different, or tomcat 8 has changed slightly enough that what I was
> >doing on
> >> 6 doesn't work on 8.
> >> I'm assuming it's the first, so digging through and comparing all my
> >> config. While I do that, I'm hoping a message here may point me in
> >> right direction.
> >> I've setup my 80 connector to redirect like so:
> >> <Connector port="80"
> >> protocol="HTTP/1.1"
> >> connectionTimeout="20000"
> >> redirectPort="443" />
> >> I've setup my 443 connector like so:
> >> <Connector port="443"
> >> maxThreads="1024" minSpareThreads="25"
> >> enableLookups="false" disableUploadTimeout="true"
> >> acceptCount="101" debug="0"
> >> SSLEnabled="true"
> >> scheme="https"
> >> secure="true"
> >> clientAuth="false"
> >> sslProtocols="TLSv1,TLSv1.1,TLSv1.2"
> >> keystoreFile="my.pfx"
> >> keystoreType="pkcs12"
> >> keystorePass="passw0rd"
> >> />
> >> I've also included the security constraint in my web.xml like this:
> >> <security-constraint>
> >> <web-resource-collection>
> >> <web-resource-name>Protected Context</web-resource-name>
> >> <url-pattern>/*</url-pattern>
> >> </web-resource-collection>
> >> <!-- auth-constraint goes here if you requre authentication -->
> >> <user-data-constraint>
> >> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >> </user-data-constraint>
> >> </security-constraint>
> >> I googled "http to https tomcat 8" and reviewed the top 10, and I
> >> find anything different from the above either.
> >> Any help would be appreciated. I am admittedly a hacker at this, and
> >> fully understand all the various config files with tomcat yet...
> >> Thanks!
> >> Mike.
> >> --
> >> Mike Johnson
> >> Datatel Programmer/Analyst
> >> Northern Ontario School of Medicine
> >> 955 Oliver Road
> >> Thunder Bay, ON P7B 5E1
> >> Phone: (807) 766-7331
> >> Email: mike.john...@nosm.ca
> Exactly which web.xml file(s) did you edit?
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON P7B 5E1
Phone: (807) 766-7331