Question Automatically redirect on SSL port?
Derived from A question posed by Oleg K
Topics Tools:AppServer:WebServer:Tomcat:Security, Tools:AppServer:WebServer:Tomcat:Configuration
Author Rodney Russ
Created Feb 5, 2002


Answer
The Servlet 2.3 specification states (12.8 Specifying Security Constraints):
[...] In most cases, the presence of the INTEGRAL or CONFIDENTIAL flag will indicate that the use of SSL is required. [...]

The solution is to create a <transport-guarantee> element in a <user-data-constraint> element. Example:
<user-data-constraint>
  <transport-guarantee>
    CONFIDENTIAL
  </transport-guarantee>
</user-data-constraint>


Comments and alternative answers

Automatically redirect on SSL port?
hitesh shah, May 10, 2002  [replies:4]
Hi,
Editing web.xml in the above manner forces the user to use SSL but does not transfer the user from http to https.

Re: Automatically redirect on SSL port?
Brad Plies, May 28, 2002  [replies:3]
It works for me. Make sure your standard HttpConnector in server.xml has redirectPort="YOUR_SSL_PORT"

Re[2]: Automatically redirect on SSL port?
Paul Ung, May 29, 2002  [replies:1]
This works for me if I request a specific page like http://www.domain.com:8080/hello.jsp. I then get redirected to https://www.domain.com:8443/hello.jsp like I'm supposed to. But when I request a directory which should give me the index.jsp file, like http://www.domain.com:8080 or http://www.domain.com:8080/subdirectory/ then I get a 404 response. Anybody know why this happens?

Re[3]: Automatically redirect on SSL port?
Sarah Jin, Oct 13, 2004
I have the same problem as Paul described. Does anyone have an answer to this?

This works for me if I request a specific page like http://www.domain.com:8080/hello.jsp. I then get redirected to https://www.domain.com:8443/hello.jsp like I'm supposed to. But when I request a directory which should give me the index.jsp file, like http://www.domain.com:8080 or http://www.domain.com:8080/subdirectory/ then I get a 404 response. Anybody know why this happens?

Re[2]: Automatically redirect on SSL port?
Jason Caskey, Jun 17, 2002
This works when using the standard ports 80 & 443, no luck with it on any other ports though?

XML Incomplete
Lukas Bradley, Dec 9, 2002  [replies:4]

Using the above XML in the <web-app> creates the following error:

PARSE error at line 83 column 12 org.xml.sax.SAXParseException: The content of element type "web-app" must match "(icon?,display-name?,description?,distributable?,context-param*,filter*,filter-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,welcome-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,security-constraint*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-local-ref*)".

It is incomplete. Even with the following, it still gives an error.

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Automatic SLL Forwarding</web-resource-name>
			<url-pattern>*</url-pattern>
		</web-resource-collection>-->
		<user-data-constraint>
		  <transport-guarantee>
			CONFIDENTIAL
		  </transport-guarantee>
		</user-data-constraint>
	</security-constraint>

I have tried several URL patterns, and nothing works. I have also added the redirectPort="443" to my server.xml.

Using Tomcat version 4.0.4

Lukas

Re: XML Incomplete (fixed)
Lukas Bradley, Dec 11, 2002  [replies:1]

My ignorance.... the <security-constraint> block must be placed after the servlet and session configuration blocks. Please change the thread accordingly.

I also have two typos in my XML example.

  • The --> comment should be removed.
  • The url-pattern should be /* instead of *
Lukas

Does Tomcat 3.2.x support the parameter redirectPort in server.xml?
Annie Luxton, Mar 16, 2004
How can we set up an automatic redirect to port 8443 if SSL is implemented on a page on tomcat 3?

Cheers,
Annie

Re: XML Incomplete
David Taylor, Feb 24, 2005
I am trying to get SSL forwarding working also. We are using WebSphere / JSF if it matters.

My server.xml doesn't have a "HttpConnector" element to add the redirect port to.

When I enable the CONFIDENTIAL security as defined above (with a url pattern that should match EVERY page, just to be sure), no SSL redirect happens, the website just continues to function in "http" mode instead of https.

Granted in the future we will secure only specific pages, but for now I'd like to see the SSL kick in for ANY page at this point.

Any wiser minds than mine know what I'm missing?

Re: XML Incomplete
Rajul Konkar, Jun 22, 2009
Hi Lukas,

This is a problem of an incorrect sequence of tags. The sequence should match the one given in the DTD specification.
You must write the tags in the following order and your problem will be solved.

"(icon?,display-name?,description?,distributable?,context-param*,filter*,filter-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,welcome-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,security-constraint*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-local-ref*)"


Regards
Rajul Konkar
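
Added example (not part of any post above, and not Tomcat's own code): a small checker for the web.xml mistakes that come up in this thread, namely <web-app> children out of DTD order, a url-pattern of * instead of /*, and a misspelled transport-guarantee element. The function name and the sample documents are constructed for illustration; it assumes a DTD-style web.xml without XML namespaces.

```python
import xml.etree.ElementTree as ET

# <web-app> child order from the Servlet 2.3 DTD, as quoted in the parse error above.
ORDER = ("icon display-name description distributable context-param filter "
         "filter-mapping listener servlet servlet-mapping session-config "
         "mime-mapping welcome-file-list error-page taglib resource-env-ref "
         "resource-ref security-constraint login-config security-role "
         "env-entry ejb-ref ejb-local-ref").split()

def check_web_xml(xml_text):
    """Return findings for a DTD-style (un-namespaced) web.xml given as text."""
    findings, last = [], -1
    root = ET.fromstring(xml_text)
    for child in root:
        if child.tag not in ORDER:
            findings.append(f"<{child.tag}> is not a web-app child element")
            continue
        pos = ORDER.index(child.tag)
        if pos < last:
            findings.append(f"<{child.tag}> must come before <{ORDER[last]}>")
        last = max(last, pos)
    requires_ssl = False
    for sc in root.iter("security-constraint"):
        for pat in sc.iter("url-pattern"):
            p = (pat.text or "").strip()
            if not p.startswith(("/", "*.")):
                findings.append(f"url-pattern {p!r} lacks a leading '/' or '*.'; use '/*' for all URLs")
        for el in sc.findall("user-data-constraint/*"):
            value = (el.text or "").strip()  # the FAQ answer puts the value on its own line
            if el.tag == "transport-guarantee":
                requires_ssl |= value in ("CONFIDENTIAL", "INTEGRAL")
            elif el.tag != "description":
                findings.append(f"<{el.tag}> is misspelled or unknown")
    if not requires_ssl:
        findings.append("no constraint sets CONFIDENTIAL or INTEGRAL")
    return findings

# Constructed samples: BAD combines the three mistakes, GOOD is the corrected form.
SERVLET = "<servlet><servlet-name>s</servlet-name><servlet-class>S</servlet-class></servlet>"
CONSTRAINT = """<security-constraint>
  <web-resource-collection><web-resource-name>all</web-resource-name>
    <url-pattern>*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarentee> CONFIDENTIAL </transport-guarentee>
  </user-data-constraint></security-constraint>"""
BAD = f"<web-app>{CONSTRAINT}{SERVLET}</web-app>"
FIXED = CONSTRAINT.replace(">*<", ">/*<").replace("guarentee", "guarantee")
GOOD = f"<web-app>{SERVLET}{FIXED}</web-app>"
if __name__ == "__main__":
    print("\n".join(check_web_xml(BAD)))
```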

Automatically redirect on SSL port?
T Zin, May 28, 2004  [replies:5]
You are right. If you add a security constraint to web.xml such as:
<security-constraint>
        <web-resource-collection>
            <web-resource-name>Security page
            </web-resource-name>
            <url-pattern>/web/login/signup.jsp</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint> 
where "/web/login/signup.jsp" is the relative context path and the SSL Connector has redirectPort="SSL-connector-port", for example redirectPort="8443", Tomcat automatically redirects to the SSL port.
But there are some problems:
1) after that, all other pages will be shown as https://, not http.
2) when Tomcat automatically redirects to the SSL port, submit parameters should not be passed.


Re: Automatically redirect on SSL port?
T Zin, May 29, 2004  [replies:4]
You are right. If you add a security constraint to web.xml such as:
<security-constraint>
        <web-resource-collection>
            <web-resource-name>Security page
            </web-resource-name>
            <url-pattern>/web/login/signup.jsp</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint> 
where "/web/login/signup.jsp" is the relative context path and the non-SSL Connector has redirectPort="SSL-connector-port", for example redirectPort="8443", Tomcat automatically redirects to the SSL port.
But there are some problems:
1) after that, all other pages will be shown as https://, not http.
2) when Tomcat automatically redirects to the SSL port, submit parameters should not be passed.


Re[2]: Automatically redirect on SSL port?
jonah liu, May 25, 2005
I added the block
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Security page</web-resource-name>
        <url-pattern>/web/login/signup.jsp</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
but SSL auto-redirects to port 443. I want to use another port. I use Tomcat 5.0.X. How do I resolve it?
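
Added example (not part of the post above, and not Tomcat's own code): a check that every plain-HTTP Connector in server.xml has a redirectPort that matches an HTTPS Connector, which is the pairing the earlier replies describe. The function name and sample fragments are constructed; the fallback to 443 when redirectPort is omitted is an assumption about Tomcat's default.

```python
import xml.etree.ElementTree as ET

# Assumption: the port Tomcat redirects to when a Connector has no redirectPort.
DEFAULT_REDIRECT_PORT = "443"

def is_https(connector):
    """Treat a Connector as the SSL one if it declares scheme="https" or secure="true"."""
    return connector.get("scheme") == "https" or connector.get("secure") == "true"

def check_redirect_ports(server_xml):
    """Return findings for non-SSL Connectors whose redirectPort has no HTTPS listener."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    https_ports = {c.get("port") for c in connectors if is_https(c)}
    findings = []
    for c in connectors:
        if is_https(c):
            continue
        target = c.get("redirectPort", DEFAULT_REDIRECT_PORT)
        if target not in https_ports:
            findings.append(
                f"connector {c.get('port')}: redirectPort {target} is not an "
                f"HTTPS connector (HTTPS ports: {sorted(https_ports)})")
    return findings

# Constructed server.xml fragments (not taken from the thread).
NO_REDIRECT = """<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="8443" scheme="https" secure="true" />
</Service></Server>"""
WITH_REDIRECT = NO_REDIRECT.replace('port="8080"', 'port="8080" redirectPort="8443"')

if __name__ == "__main__":
    print(check_redirect_ports(NO_REDIRECT))
    print(check_redirect_ports(WITH_REDIRECT))
```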

Re[2]: Automatically redirect on SSL port?
sikhar saikia, Jul 25, 2005  [replies:2]
Hi
I have used the above mentioned tags in my web.xml and the redirection happened automatically. But it threw up another problem.
I used SSL on a knowledge management portal of my company which has a lot of attached documents. But after modifying the web.xml to set the security constraint <transport-guarantee> as CONFIDENTIAL or INTEGRAL, the attachments of MS Office type (Doc, PPT), PDFs and zips stopped opening in Internet Explorer. But if I remove the security constraint tags from web.xml and try directly as https:// then those documents open fine in IE. Can anyone suggest any fix for that?
Thanks in Advance
Sikhar

Re[3]: Automatically redirect on SSL port?
nilesh babar, Aug 26, 2006  [replies:1]
Hi Sikhar,

I am also facing the same problem. If you have found any workaround for this, please let me know.


Thanks in advance.
Nilesh

Re[4]: Automatically redirect on SSL port?
Ashish Bajpayee, May 29, 2008
Folks, there is an issue with your Internet Explorer, not with Tomcat. You have to do the following to resolve this issue:
1. Go to Start -> Run
2. Regedit
3. Open registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
4. In the right panel, create a DWORD value "BypassSSLNoCacheCheck" and set its value to 0X00000001
5. Close the Registry Editor and restart the system.
After reboot, you will not get any problem with downloads.
Ashish

SSL Problem
Damien Gallagher, Nov 19, 2005  [replies:2]
Where exactly do I place the code in my web.xml file?
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Automatic SLL Forwarding</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>
            CONFIDENTIAL
        </transport-guarantee>
    </user-data-constraint>
</security-constraint>
Is this code correct? I placed it in my app's web.xml file and nothing worked for me. I placed it in tomcat/conf/web.xml and nothing worked. But if I replace the /* with /login.jsp then it auto-redirects that page. What shall I do?

Re: SSL Problem
Damien Gallagher, Nov 19, 2005  [replies:1]
Sorry, I just need help on this issue. How do I change my XML file in order to do form-based authentication and SSL redirect? They both work individually but I can't get them working together. Any help greatly appreciated.

Re[2]: SSL Problem
Frank Peng, Jan 28, 2006
Hi guys!

First I would tell you guys I tried to iptable the request from 8080 to 8443; it did not work. Seems it needs the https scheme.

In Tomcat, I copied the Connector 8443 and pasted it, and changed 8443 to 8080. It did not work. I do not know why. I should be allowed to configure 2 ports to listen to https, shouldn't I? In this Connector, I changed https to http. It ended up with the web browser opening a file in the /root directory or somewhere crazy like /usr/src. This should not work because there are things like secure="true", ...

After all these failed, I have to try the security-constraint. I put
<security-constraint>
    <web-resource-collection>
        <web-resource-name>my ssl pages</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarentee>CONFIDENTIAL</transport-guarentee>
    </user-data-constraint>
</security-constraint>
in /tomcat/conf/web.xml; it did not work. Then I put it in my context web.xml ../webapps/ROOT/WEB-INF/web.xml; it did not work, either! Should I do something in the server.xml?

I know in the Apache-Tomcat combination, they can configure http.conf to rewrite http to https, then Tomcat has no problem handling it. Now with Tomcat alone, are there any ways to configure it to redirect http to https?

Please help!
Frank Peng.
