tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Hansen <>
Subject Re: Help with security-constraint in web.xml
Date Mon, 04 Jan 2010 22:09:34 GMT
Thanks for the super quick reply, Chuck! Here's what I did. I changed
the redirectPort on the following two Connector elements. From 8443 to
443. And that did the trick.

/* Previously */
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

/* Currently */
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
redirectPort="443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

You were saying that I should handle the forced HTTPS redirection of
certain pages on the httpd end, right? Can you please elaborate on how
to do it or give me pointers on how it could be done?

Thank you!!

On Mon, Jan 4, 2010 at 2:57 PM, Caldarale, Charles R
<> wrote:
>> From: Joe Hansen []
>> Subject: Help with security-constraint in web.xml
>> What do I need to do so that the user is directed to
>> instead
> Fix the redirectPort attribute in your <Connector> elements in conf/server.xml.
> BTW, since you are front-ending Tomcat with httpd, it would be more efficient to have
httpd handle the SSL stuff, and let Tomcat see the requests in plain text - assuming you have
a secure connection between httpd and Tomcat.
>  - Chuck
is thus for use only by the intended recipient. If you received this in error, please contact
the sender and delete the e-mail and its attachments from all computers.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message