> Am 20.07.2019 um 16:47 schrieb Richard Huntrods <>:
> OK. That was really weird.
> As I said in my message, following the directions on the web did NOT
> work. It didn't force redirection from http to https.
> What it DID end up doing was to kill the tomcat servlet application.
> Before the change it was working fine, and after the change it would
> only generate a 404 page.
> I reverted to the original /conf/web.xml, restarted tomcat and the
> servlet application is back up and running perfectly.
> So this code in /conf/web.xml affected the servlet but not the ROOT
> static web pages.
> I'm thinking I need to make the change I noted, but in ROOT/web.xml
> instead. I'll try that today. But it was weird that the change in
> /conf/web.xml killed the servlet but didn't affect the ROOT static pages
> at all. Especially weird  since the servlet application ONLY runs on
> port 443 (https).

Be careful where you put that element. If I remember correctly the order of the 
elements for web.xml is quite picky (at least it was when I added it a couple 
of years ago).

In my app this goes right after welcome-file-list and before error-page.

The error log should you show the reason why the app does not start or start 


> -R
> On 7/19/2019 7:18 PM, Richard Huntrods wrote:
>> I tried implementing automatic redirection from HTTP to HTTPS on my
>> tomcat today, but it's not working.
>> First, my system:
>> OS: Ubuntu 18.04.2 LTS (server)
>> Tomcat: 9.0.22 (installed from tomcat distribution, not via apt get)
>> Java: OpenJDK "11.0.3" 2019-04-16
>> Mysql: Ver 14.14 Distrib 5.7.26
>> This web application has it's own domain (let's call it ""
>> ) and has working HTTPS - and has done  for some time now.
>> Static web pages are served on this application via tomcat using the
>> ROOT directory ../tomcat/webapps/ROOT
>> Again, this is working just fine. If I type ""; I
>> see the secure static pages. If I type ""; I see the
>> same pages, but browsers inform me the page isn't secure.
>> I want to force tomcat to redirect ""; to
>> ""; always.
>> I found instructions for auto-redirection on several on-line sites,
>> and all had the same instructions.
>> I already have the redirect code in server.xml:
>> <Connector port="80" protocol="HTTP/1.1"
>>              connectionTimeout="20000"
>>              redirectPort="443" />
>> So all I had to add (according to the instructions) was code at the
>> end of ...tomcat/conf/web.xml
>>   <security-constraint>
>>       <web-resource-collection>
>>       <web-resource-name>Secured</web-resource-name>
>>       <url-pattern>/*</url-pattern>
>>       </web-recource-collection>
>>       <user-data-constraint>
>> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>       </user-data-constraint>
>>   </security-constraint>
>> just before the final </web-app>
>> I did this and restarted tomcat. It doesn't work.
>> After restarting tomcat, if I type in ""; I still
>> see the unsecured version. It does not auto-redirect to https.
>> What am I missing?
>> Thanks,
>> -Richard
> ---
> This email has been checked for viruses by Avast antivirus software.
> --
> This communication is intended for the use of the recipient to whom it is 
> addressed, and may contain confidential, personal, and or privileged 
> information. Please contact us immediately if you are not the intended 
> recipient of this communication, and do not copy, distribute, or take action 
> relying on it. Any communications received in error, or subsequent reply, 
> should be deleted or destroyed.
> ---
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to