3

I am trying to force a connection to http://localhost:8443 to https://localhost:8443. The site works correctly if they go to https://localhost:8443. In case the user forgets the s in https I would like tomcat to correct it for them.

I only have one connector for https, defined as:

<Connector port="8443" rediretPort="8443"
    protocol="HTTP/1.1" 
    connectionTimeout="20000" 
    SSLEnabled="true"
    maxThreads="150" 
    scheme="https" 
    secure="true"
    clientAuth="false" 
    sslProtocol="TLS" 
    keyAlias="alias"
    keystoreFile="keystore.jks"
    keypass="PASSWORD"
/>

This is on a Windows server. Tomcat 6 is a standalone server (not connected to IIS).

I have tried to modify web.xml to include the following:

<security-constraint>
 <web-resource-collection>
    <web-resource-name>Protected Context</web-resource-name>
      <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>

This does not work for me. From what I have read, this would redirect a user from http://localhost:8080 to https://localhost:8443 (if the connector 8080 defined the redirectPort as 8443).

I am not sure this is even possible with a standalone Tomcat server. I know this is possible with apache mod_rewrite or some other similar solution, but I do not want to install any other service on the Windows machine.

Tao Zhyn
  • 187
  • 1
  • 7

1 Answers1

0

when your first sentence is not a typo, just add a connector for http on port 8080 and add the redirect as you described. you can't have http and https listen on the same port. so let http listen on port 8080 and https on port 8443.

Christian
  • 4,703
  • 2
  • 24
  • 27
  • That does not help when a user types `http://localhost:8443`. This would work if they did not have to specify a port. Unfortunately the defaults ports 80/443 are in use. Thus I have to use port 8443. My issue was if it was possible to have a http and https listen on the same port. As you stated they cannot. I guess what I was trying to do is not possible. – Tao Zhyn Jan 26 '10 at 22:45
  • could you add a vhost to your webserver already listening on port 80/443? you could configure it to act as a reverse proxy in front of your tomcat. this way your users could use the default ports. – Christian Jan 28 '10 at 06:45