
Enabling SSL only for a web location in Tomcat

Scenario:

I have a domain with SSL enabled that runs in Tomcat. Now I want certain pages to be served only over SSL.

The steps are simple, and there are two ways to achieve this.

a. Edit the web.xml file in your application folder; you can control the page navigation from this point onwards. (Recommended)
Eg: /websites/mydomain.com/ROOT/WEB-INF/web.xml

b. Insert the rules directly in the server's configuration file.
Eg: /opt/apache-tomcat-7.0.2/conf/web.xml

Note: This may cause every site hosted in Tomcat to be served over SSL wherever it has the same URL pattern, e.g. http://site1.com/login or http://site2.com/login. The URI (login) of both sites is then forced over HTTPS.

Add the following entry to your web.xml so that the specified url-pattern is transferred over HTTPS.
Here every URI matching "login" will be transferred over HTTPS.

<security-constraint>
    <web-resource-collection>
        <url-pattern>/login/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

B. Securing all pages only through SSL

Add the following lines to your Tomcat web.xml file.

<!-- redirect all traffic to the SSL port -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL only</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

C. Redirect HTTP to HTTPS on Tomcat

The above code will not redirect every request to HTTPS when a user types the domain name. If you want users to be redirected to the HTTPS login automatically, you may need to change the following value in Tomcat.

<Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

Change it to the following:

 <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
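
An added example, not part of the original post: a small Python check for the two settings discussed above. It lists the URL patterns a web.xml forces onto HTTPS and flags any connector whose redirectPort has no SSL connector listening on it. The sample XML is constructed, and the check assumes Tomcat terminates TLS itself on a connector marked SSLEnabled="true".

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real server).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Login</web-resource-name>
      <url-pattern>/login/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" />
</Service></Server>"""


def local(tag):
    """Strip an XML namespace so a namespaced web.xml is handled too."""
    return tag.rsplit("}", 1)[-1]


def confidential_patterns(web_xml):
    """Return url-patterns covered by a CONFIDENTIAL transport-guarantee."""
    found = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        texts = {}
        for el in sc.iter():
            texts.setdefault(local(el.tag), []).append((el.text or "").strip())
        if "CONFIDENTIAL" in texts.get("transport-guarantee", []):
            found += texts.get("url-pattern", [])
    return found


def dangling_redirects(server_xml):
    """Return (port, redirectPort) pairs with no SSL connector on redirectPort."""
    conns = [c.attrib for c in ET.fromstring(server_xml).iter("Connector")]
    is_ssl = lambda c: c.get("SSLEnabled", "").lower() == "true"
    ssl_ports = {c["port"] for c in conns if is_ssl(c)}
    return [(c["port"], c["redirectPort"]) for c in conns
            if not is_ssl(c) and c.get("redirectPort") not in ssl_ports | {None}]
```

With the sample above, the port 80 connector is reported until its redirectPort is changed from 8443 to 443.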
