Tomcat can automatically redirect a non-secure HTTP URL to the secure HTTPS URL. We configure HTTPS access for a web application to secure its data transfer. Sometimes, even after HTTPS is set up, the default HTTP access is still reachable. This could be a security threat for the application.
Assuming you have already configured HTTPS access for the application, we now need to change Tomcat's web.xml, at apache-tomcat-8.0.36/conf/web.xml, to redirect all plain HTTP access to HTTPS.
<!-- Added to redirect http to https -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Whole Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Now when we access http://localhost:8080/myapp, it is redirected to https://localhost:443/myapp
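The port Tomcat redirects to is taken from the redirectPort attribute of the HTTP connector in conf/server.xml, so it has to match the port of the HTTPS connector. The fragment below is an added example, not part of the original post; it uses the ports from the URLs above, and the keystore path and password are placeholders.

```xml
<!-- conf/server.xml, inside the <Service> element -->

<!-- Plain HTTP connector. When a request matches a CONFIDENTIAL
     constraint, Tomcat redirects it to the port named in redirectPort.
     The stock server.xml ships with redirectPort="8443"; here it is
     set to 443 to match the HTTPS connector below. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />

<!-- HTTPS connector listening on the redirect target port.
     keystoreFile and keystorePass are placeholders. -->
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/keystore.jks"
           keystorePass="CHANGE_ME" />
```

If redirectPort and the HTTPS connector port disagree, clients are redirected to a port where no TLS listener answers.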