How do you start a java servlet over https?

Question

I am trying to run a servlet on tomcat in eclipse. When i do run on server, the servlet runs and provides me with a link like follows:

"http://localhost:8443/AuthServer/Server"

I have configured my Tomcat server for SSL as follows:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Users\owner\.keystore" keystorePass="sheetalkshirsagar">

When I run the servlet on server it still uses http. I want my link to the servlet to be "https://..." instead of "http://..". How do you do that?

Answer 1

If you want to be sure to use the https protocol when you send request to that servlet you need to change the WEB-INF/web.xml file in your web application. In your case add this configuration params:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>AuthServer</web-resource-name>
        <url-pattern>/Server</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Answer 2

In TOMCAT_HOME/conf folder, there’s a file named web.xml. In there, you have to add a security-constraint element.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>secured page</web-resource-name>
        <url-pattern>/...</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Make sure that <url-pattern> matches your path that you want to be secured.