Tomcat https redirect (security-constraint) for different host

Question

I am trying to redirect the calls from http to https so:

In my server.xml I have two host:

<Host name="localhost"  appBase="webapps"
        unpackWARs="true" autoDeploy="true">
 ...
  </Host>
  <Host name="other.name" appBase="/srv/webapp" 
        unpackWARs="true" autoDeploy="true">
  ...
  </Host>

And I added on /etc/tomcat7/web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
   <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
 </security-constraint>

So all request that are going to the localhost host are being redirect to https, however the requests that are going to other.name are not being redirect.

What I want is only the request that are going to other.name be redirect to https, how can I do that?

I tried to put

<url-pattern>other.name/*</url-pattern>

but didn't work. Any suggestion?

score 1 · Answer 1 · edited Apr 18 '18 at 10:42

1

I removed the <security-constraint> from /etc/tomcat7/web.xml and added to the WEB-INF/web.xml of my web application.

edited Apr 18 '18 at 10:42

kenorb

155,785
88
678
743

answered Jun 18 '15 at 08:24

gomes

225
2
11

Yes, I removed the from /etc/tomcat7/web.xml and added to the WEB-INF/web.xml of my web application – gomes Jun 18 '15 at 10:51

Tomcat https redirect (security-constraint) for different host

1 Answers1