tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Wall" <d.w...@computer.org>
Subject Re: How to redirect http to https automatically?
Date Fri, 15 Oct 2004 15:35:51 GMT
I don't know the answer to that.  It's unlikely, though.  You could put
something like Apache in the front and use URL rewriting, which can
basically force any URL with a given pattern to be redirected, either
forcing HTTP or HTTPS and doing the redirect only when the scheme is not
what you want.

In general, though, when you know you are shifting between secure and
insecure, you should perhaps create URLs that make this explicit.  In
general, you enter a secure mode when starting a secure set of transactions,
and then switch back when you are done.  Of course, you could just stay with
HTTPS once they enter secure mode since securing the communications may have
overhead, but it adds privacy.

David


----- Original Message ----- 
From: "Antony Paul" <antonypaul24@gmail.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>; "David Wall"
<d.wall@computer.org>
Sent: Thursday, October 14, 2004 9:42 PM
Subject: Re: How to redirect http to https automatically?


> Is it possible to switch from https to http using this kind of
configuration ?
> I tried with NONE for user constraint but it still remains in https.
>
> rgds
> Antony Paul
>
>
> On Thu, 14 Oct 2004 08:40:31 -0700, David Wall <d.wall@computer.org>
wrote:
> > This is part of the servlet specs.  In  your WEB-INF/web.xml file, you
need
> > a security constraint that says the site should be secure, something
like:
> >
> > <security-constraint>
> >  <web-resource-collection>
> >    <web-resource-name>Entire site</web-resource-name>
> >    <url-pattern>/*</url-pattern>
> >    <http-method>GET</http-method>
> >    <http-method>POST</http-method>
> >  </web-resource-collection>
> >  <user-data-constraint>
> >    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >  </user-data-constraint>
> > </security-constraint>
> >
> > The "confidential" keyword ensures that the webapp will require https,
so if
> > you try to get it via http, then the redirect stuff specifed in your
> > server.xml will be applied.
> >
> > David
> >
> >
> >
> > ----- Original Message -----
> > From: "Won Sim" <wksim@hotmail.com>
> > To: <tomcat-user@jakarta.apache.org>
> > Sent: Wednesday, October 13, 2004 8:13 AM
> > Subject: How to redirect http to https automatically?
> >
> > > I set redirectPort attribute to 443, which is my SSL connector port
> > number,
> > > from port 80 connector in the server.xml. This doesn't redirect http
to
> > > https automatically. In other words, I still can access the
application
> > via
> > > http://server/myapp. I want to know how to redirect http to https
> > > automatically so when I enter http://server/myapp, Tomcat redirects to
> > > htts://server/myapp. I am using Tomcat 4.1.30.
> > >
> > > Thanks in advance.
> > > Won.
> > >
> > > _________________________________________________________________
> > > Don't just search. Find. Check out the new MSN Search!
> > > http://search.msn.click-url.com/go/onm00200636ave/direct/01/
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message