You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Vigorito, Nicholas E." <NI...@saic.com> on 2007/06/20 16:13:32 UTC
Tomcat application connect via https only?
I am a newbie to Tomcat. I have 5.0.28. I would like to set up a web
application so that one can ONLY connect to it via https. Anyone know
how I can do this?
I was able to set up Tomcat (via server.xml and certificates) so that
one can connect to the app via either http or https and can even force
it to redirect http to https via the "user-data-constraint" and
"transport-guarentee" elements in the web application's web.xml file.
BTW the application is an Axis web service if that matters any.
Nick
Re: Tomcat application connect via https only?
Posted by ben short <be...@benshort.co.uk>.
I dont know about doing it via the config files, but i guess you could
write a filter that will check the requests url is https and if not
redirect them to the correct the https url.
On 6/20/07, Vigorito, Nicholas E. <NI...@saic.com> wrote:
> Doing that will make it so that ALL apps on the server can only be
> connected to via HTTPS, correct?
>
> Any way to do it just for one app?
>
> Nick
>
> -----Original Message-----
> From: users-return-164892-NICHOLAS.E.VIGORITO=saic.com@tomcat.apache.org
> [mailto:users-return-164892-NICHOLAS.E.VIGORITO=saic.com@tomcat.apache.o
> rg] On Behalf Of ben short
> Sent: Wednesday, June 20, 2007 11:04 AM
> To: Tomcat Users List
> Subject: Re: Tomcat application connect via https only?
>
> In the server.xml that comes with tomcat there are 2 HTTP/1.1 connectors
> defined. One is on port 8080 the other is on port 8443.
>
> Comment out the 8080 one and uncomemnt the 8443 one and change the port
> to 443.
>
> Install your cert and you should be good to go.
>
> Regards
>
> Ben Short
>
>
>
> On 6/20/07, Vigorito, Nicholas E. <NI...@saic.com> wrote:
> > I am a newbie to Tomcat. I have 5.0.28. I would like to set up a web
> > application so that one can ONLY connect to it via https. Anyone know
> > how I can do this?
> > I was able to set up Tomcat (via server.xml and certificates) so that
>
> > one can connect to the app via either http or https and can even force
>
> > it to redirect http to https via the "user-data-constraint" and
> > "transport-guarentee" elements in the web application's web.xml file.
> > BTW the application is an Axis web service if that matters any.
> > Nick
> >
> >
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
> e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Tomcat application connect via https only?
Posted by "Vigorito, Nicholas E." <NI...@saic.com>.
Thanks!
-----Original Message-----
From: users-return-164896-NICHOLAS.E.VIGORITO=saic.com@tomcat.apache.org
[mailto:users-return-164896-NICHOLAS.E.VIGORITO=saic.com@tomcat.apache.o
rg] On Behalf Of Caldarale, Charles R
Sent: Wednesday, June 20, 2007 11:16 AM
To: Tomcat Users List
Subject: RE: Tomcat application connect via https only?
> From: Vigorito, Nicholas E. [mailto:NICHOLAS.E.VIGORITO@saic.com]
> Subject: RE: Tomcat application connect via https only?
>
> Doing that will make it so that ALL apps on the server can only be
> connected to via HTTPS, correct?
>
> Any way to do it just for one app?
It depends on where you put the <transport-guarantee>. If it's in the
global conf/web.xml, it will apply to all webapps; if it's in a
WEB-INF/web.xml, it applies just to that webapp. Read the servlet spec.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Tomcat application connect via https only?
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Vigorito, Nicholas E. [mailto:NICHOLAS.E.VIGORITO@saic.com]
> Subject: RE: Tomcat application connect via https only?
>
> Doing that will make it so that ALL apps on the server can only be
> connected to via HTTPS, correct?
>
> Any way to do it just for one app?
It depends on where you put the <transport-guarantee>. If it's in the
global conf/web.xml, it will apply to all webapps; if it's in a
WEB-INF/web.xml, it applies just to that webapp. Read the servlet spec.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Tomcat application connect via https only?
Posted by "Vigorito, Nicholas E." <NI...@saic.com>.
Doing that will make it so that ALL apps on the server can only be
connected to via HTTPS, correct?
Any way to do it just for one app?
Nick
-----Original Message-----
From: users-return-164892-NICHOLAS.E.VIGORITO=saic.com@tomcat.apache.org
[mailto:users-return-164892-NICHOLAS.E.VIGORITO=saic.com@tomcat.apache.o
rg] On Behalf Of ben short
Sent: Wednesday, June 20, 2007 11:04 AM
To: Tomcat Users List
Subject: Re: Tomcat application connect via https only?
In the server.xml that comes with tomcat there are 2 HTTP/1.1 connectors
defined. One is on port 8080 the other is on port 8443.
Comment out the 8080 one and uncomemnt the 8443 one and change the port
to 443.
Install your cert and you should be good to go.
Regards
Ben Short
On 6/20/07, Vigorito, Nicholas E. <NI...@saic.com> wrote:
> I am a newbie to Tomcat. I have 5.0.28. I would like to set up a web
> application so that one can ONLY connect to it via https. Anyone know
> how I can do this?
> I was able to set up Tomcat (via server.xml and certificates) so that
> one can connect to the app via either http or https and can even force
> it to redirect http to https via the "user-data-constraint" and
> "transport-guarentee" elements in the web application's web.xml file.
> BTW the application is an Axis web service if that matters any.
> Nick
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat application connect via https only?
Posted by ben short <be...@benshort.co.uk>.
In the server.xml that comes with tomcat there are 2 HTTP/1.1
connectors defined. One is on port 8080 the other is on port 8443.
Comment out the 8080 one and uncomemnt the 8443 one and change the port to 443.
Install your cert and you should be good to go.
Regards
Ben Short
On 6/20/07, Vigorito, Nicholas E. <NI...@saic.com> wrote:
> I am a newbie to Tomcat. I have 5.0.28. I would like to set up a web
> application so that one can ONLY connect to it via https. Anyone know
> how I can do this?
> I was able to set up Tomcat (via server.xml and certificates) so that
> one can connect to the app via either http or https and can even force
> it to redirect http to https via the "user-data-constraint" and
> "transport-guarentee" elements in the web application's web.xml file.
> BTW the application is an Axis web service if that matters any.
> Nick
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org