I have configured SSL in my web application. I have installed the certificate in my Tomcat as per the required steps.
The tutorial that I have been following is https://www.mulesoft.com/tcat/tomcat-security
I have enforced the use of https over http which means that any request to http will be forwarded to https. I made the following changes in my server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443"
proxyHost="10.1.1.1" proxyPort="80"
URIEncoding="UTF-8"
maxHttpHeaderSize="32768"/>
The web.xml changes are as follows:
<security-constraint>
<web-resource-collection>
<web-resource-name>SecureConnection</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
However, the redirect that is taking place is temporary re-direct ie 302. I want to use 301 re-direct ie., permanent redirect.
How can I achieve that?
You can configure two virtual hosts (one for http and one for https) which connect to the respective Tomcat backend servlets. You can look at this question for config examples.
This is configured on your Realm. See the transportGuaranteeRedirectStatus
attribute of your particular Realm implementation.
https://tomcat.apache.org/tomcat-8.5-doc/config/realm.html
Ex: server.xml has this out-of-the-box
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
It does not set transportGuaranteeRedirectStatus
so it defaults to 302. If you want to make it use a 301, just add the attribute transportGuaranteeRedirectStatus="301"
to the top level Realm (you may not have nested Realms depending on your configuration) and restart Tomcat.
Ex:
<Realm className="org.apache.catalina.realm.LockOutRealm" transportGuaranteeRedirectStatus="301">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" />
</Realm>
If you do not have a Realm tag defined in your configuration, Tomcat will default to using a NullRealm. If you want to override the redirect in this situation, you'd just need to define a NullRealm under with the transportGuaranteeRedirectStatus
property set on it.
Hope that helps!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With