Is it possible, with Tomcat, to allow ONLY secure connections (HTTPS) for a Context or a Directory?
Then, you need to add

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

to your web application descriptor (web.xml) and change the url-pattern to match the directory you want to access only via HTTPS.
Please keep in mind that, since the web application descriptor is an XML file, the order in which attributes are defined is important. All attributes are optional, but defining them in the wrong place may prevent your application from behaving as you expect.
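
One way to check a descriptor for the two points above (which url-patterns are actually forced to HTTPS, and whether a constraint's children are in the wrong order) is the following added example; it is not part of the original page, the sample web.xml is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the page).
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    <web-resource-collection>
      <web-resource-name>Reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop any XML namespace prefix so namespaced descriptors also match."""
    return tag.rsplit("}", 1)[-1]

def audit(web_xml):
    """Return (https_only, not_enforced, misordered) lists of url-patterns."""
    https_only, not_enforced, misordered = [], [], []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        kids = [local(c.tag) for c in sc]
        text = lambda name: [e.text.strip() for e in sc.iter()
                             if local(e.tag) == name and e.text]
        patterns = text("url-pattern")
        # The schema puts web-resource-collection before user-data-constraint.
        if ("user-data-constraint" in kids and "web-resource-collection" in kids
                and kids.index("user-data-constraint") < kids.index("web-resource-collection")):
            misordered += patterns
        # CONFIDENTIAL (and INTEGRAL) make the container require HTTPS.
        if set(text("transport-guarantee")) & {"CONFIDENTIAL", "INTEGRAL"}:
            https_only += patterns
        else:
            not_enforced += patterns
    return https_only, not_enforced, misordered

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML))
```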