
Perform 301 redirect from http to https in Apache Tomcat

Tags: ssl, apache, tomcat

I have configured SSL in my web application. I have installed the certificate in my Tomcat as per the required steps.

The tutorial that I have been following is https://www.mulesoft.com/tcat/tomcat-security

I have enforced the use of https over http which means that any request to http will be forwarded to https. I made the following changes in my server.xml

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443"
           proxyHost="10.1.1.1" proxyPort="80"
           URIEncoding="UTF-8"
           maxHttpHeaderSize="32768"/>

The web.xml changes are as follows:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>SecureConnection</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

However, the redirect that is taking place is a temporary redirect, i.e. 302. I want to use a 301 redirect, i.e. a permanent redirect.

How can I achieve that?

Hardik Kamdar asked Sep 28 '15 07:09



1 Answer

This is configured on your Realm. See the transportGuaranteeRedirectStatus attribute of your particular Realm implementation.

https://tomcat.apache.org/tomcat-8.5-doc/config/realm.html

Ex: server.xml has this out-of-the-box

  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <!-- This Realm uses the UserDatabase configured in the global JNDI
         resources under the key "UserDatabase".  Any edits
         that are performed against this UserDatabase are immediately
         available for use by the Realm.  -->
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase"/>
  </Realm>

It does not set transportGuaranteeRedirectStatus so it defaults to 302. If you want to make it use a 301, just add the attribute transportGuaranteeRedirectStatus="301" to the top level Realm (you may not have nested Realms depending on your configuration) and restart Tomcat.

Ex:

  <Realm className="org.apache.catalina.realm.LockOutRealm" transportGuaranteeRedirectStatus="301">
    <!-- This Realm uses the UserDatabase configured in the global JNDI
         resources under the key "UserDatabase".  Any edits
         that are performed against this UserDatabase are immediately
         available for use by the Realm.  -->
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase" />
  </Realm>

If you do not have a Realm tag defined in your configuration, Tomcat will default to using a NullRealm. If you want to override the redirect in this situation, you'd just need to define a NullRealm under with the transportGuaranteeRedirectStatus property set on it.

Hope that helps!

Daniel Mikusa answered Oct 16 '22 11:10
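A way to check a server.xml for the setting the answer describes, as an added example that is not part of the original question or answer. It assumes, following the answer, that only the attribute on a container's top-level Realm takes effect; the function name and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DEFAULT_STATUS = "302"  # used when the attribute is absent, as the answer states
CONTAINERS = ("Engine", "Host", "Context")

# Constructed sample: the out-of-the-box Realm block from the answer, but with
# the attribute placed on the nested Realm instead of the top-level one.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"
               transportGuaranteeRedirectStatus="301"/>
      </Realm>
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
"""

def audit_redirect_status(server_xml):
    """Return one finding per top-level Realm declared on Engine/Host/Context."""
    root = ET.fromstring(server_xml)
    findings = []
    for container in root.iter():
        if container.tag not in CONTAINERS:
            continue
        for realm in container.findall("Realm"):  # direct children only
            status = realm.get("transportGuaranteeRedirectStatus", DEFAULT_STATUS)
            # Assumption: a value on a nested Realm is not used; list it so it can be moved.
            nested = [r.get("className") for r in realm.iter("Realm")
                      if r is not realm and r.get("transportGuaranteeRedirectStatus")]
            findings.append({
                "container": container.tag,
                "realm": realm.get("className"),
                "status": status,
                "permanent": status == "301",
                "misplaced_on_nested": nested,
            })
    if not findings:  # no Realm declared: per the answer, Tomcat falls back to NullRealm
        findings.append({"container": None, "realm": "NullRealm (implicit)",
                         "status": DEFAULT_STATUS, "permanent": False, "misplaced_on_nested": []})
    return findings

if __name__ == "__main__":
    for finding in audit_redirect_status(SAMPLE_SERVER_XML):
        print(finding)
```

On the constructed sample this reports a 302 for the Engine's LockOutRealm and lists the nested UserDatabaseRealm as carrying the attribute in the wrong place.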