Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SSL for specific pages/url-patterns in tomcat

Tags:

java

ssl

configuration

tomcat

war

I recently configured tomcat 6 with SSL and client authentication, but the only way I could do it was modifying server configuration files (web.xml, server.xml). But as I don't have full control over the deployment server, I would like to configure everything just for some pages or url-patterns of my application without modifying the main configuration files.

For example: Main server:

  • Application1 -> HTTP
  • Application2 -> HTTP
  • MyApplication -> HTTPS

If somebody knows how to do it, please tell me.

like image 389
Timoteo Ponce Avatar asked Nov 25 '10 23:11

Timoteo Ponce

1 Answers

The only way to get https going is to write the appropriate connector on the server.xml file under the <service> tag. Once you setup the connector you can access all applications in the server with http or https. The only difference is what connector gets used. Typically the connectors for http and https look like these:

<Connector port="80" protocol="HTTP/1.1"
           maxThreads="150" connectionTimeout="20000"
           redirectPort="443"
           URIEncoding="UTF-8" compression="on"/>

<Connector port="443" protocol="HTTP/1.1"
           maxThreads="150" connectionTimeout="20000"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="conf/.keystore"
           keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"
           URIEncoding="UTF-8" compression="on"/>

You can then force your application to always use https by adding the transport-guarantee tag to web.xml which ends up something like this:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Administrators</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Administrators</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

You can change the transport-guarantee for the different web resources you define. Thus allowing you to protect certain parts of the site and not others.

At the very end having the connector in server.xml does not force you yo use https for all applications. It only allows the use of the https connector.

like image 182
Ricardo Marimon Avatar answered Sep 20 '22 23:09

Ricardo Marimon
Sign in to Comment

Related questions

Using @ElementCollection in CriteriaQuery (or Querying over the content of an @ElementCollection)
Dynamic java bean from xsd
Sending a C++ struct over UDP in Java
Run JUnit Test suite from command line
Where on a remote workstation should I put a CSV-config file for distributed JMeter testing?
Setting a TextView width in java
How to type into input field with WicketTester?
Java code - looking for source code
is there a string to map splitter in google collections
Are there known problems using Scala with Apache Camel?
Programmatically determining JNDI root context / ear name in JBoss 5.1
How to use Spring to get the value of an Enum
Submit aspx page from java
How to set up the root servlet in Tomcat 6? [duplicate]
How to convert byte array to BigInteger in java
Removing redundant JUnit testsuite tests
How to I define and get locale-based messages in Spring MVC?
altering JFileChooser behaviour : preventing "choose" on enter in file path JTextField
Spring Application Context Load Order
Spring MVC Error Messages

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!