4

I am trying to run a servlet on tomcat in eclipse. When i do run on server, the servlet runs and provides me with a link like follows:

"http://localhost:8443/AuthServer/Server"

I have configured my Tomcat server for SSL as follows:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Users\owner\.keystore" keystorePass="sheetalkshirsagar">

When I run the servlet on server it still uses http. I want my link to the servlet to be "https://..." instead of "http://..". How do you do that?

Buhake Sindi
  • 87,898
  • 29
  • 167
  • 228
user1324539
  • 41
  • 1
  • 1
  • 2

3 Answers3

7

If you want to be sure to use the https protocol when you send request to that servlet you need to change the WEB-INF/web.xml file in your web application. In your case add this configuration params:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>AuthServer</web-resource-name>
        <url-pattern>/Server</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
dash1e
  • 7,677
  • 1
  • 30
  • 35
4

In TOMCAT_HOME/conf folder, there’s a file named web.xml. In there, you have to add a security-constraint element.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>secured page</web-resource-name>
        <url-pattern>/...</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Make sure that <url-pattern> matches your path that you want to be secured.

Community
  • 1
  • 1
Buhake Sindi
  • 87,898
  • 29
  • 167
  • 228
  • 3
    Do not change that param on global `web.xml` or it will be valid for every tomcat application that runs on that Tomcat. But use the `web.xml` under `WEB-INF` of your application. – dash1e Apr 10 '12 at 16:43
  • @dash1e, consider reading my last statement on my post. Yes, you can add it on your `WEB-INF/web.xml`, but the OP wants to configure Tomcat to do it. – Buhake Sindi Apr 11 '12 at 06:26
  • Setting it inside the WEB-INF/web.xml IS configuring Tomcat to do it. – Cdaragorn Jan 25 '17 at 18:06
0

If I understand your problem correctly, you are publishing a URL for http from a web page served by your servlet.
If you need to change the request to be https instead you should redirect your plain http connector (in port 80 or 8080 where you have it) to connector for port 443.
If you google tomcat redirect http to https you wil find plenty of links e.g. redirect tomcat to https

But I would recomend that you did not redirect if you are interested in real security

Cratylus
  • 52,998
  • 69
  • 209
  • 339