Is it possible, with Tomcat, to allow ONLY secure connections (HTTPS) for a Context or a Directory?

Daniele Galluccio

For allowing only HTTPS (secure) connections, you need to activate Tomcat's the SSL support. If you need help on this, just refer to the Tomcat SSL Configuration HOW-TO documentation pages.

Then, you need to add


<security-constraint>
	<web-resource-collection>
		<web-resource-name>Entire Application</web-resource-name>
		<url-pattern>/*</url-pattern>
	</web-resource-collection>
	<user-data-constraint>
		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
	</user-data-constraint>
</security-constraint>
to your web application descriptor (web.xml) and change the url-pattern to match the directory you want to access only via HTTPS.

Please, keep in mind that since the web application descriptor is an XML file, attributes definition order is important. All attributes are optional but defining them in the wrong place may prevent your application to act as you expect.

Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

About | Sitemap | Contact