On 17 December 2014 at 22:37, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> Duncan,
>
> On 12/17/14 12:32 PM, Lyallex wrote:
>> Yea I thought of this, the problem is I currently have a user area
>> that requires a login and all this is currently configured in
>> web.xml and I'm not sure how all this will fit together. I'll try a
>> few things out and see what happens.
>
> You can have multiple, overlapping security-constraints. One of them
> (which covers the whole site) will require HTTPS, the other (existing
> one) will require authentication and authorization, but only for
> certain (again, existing) URL patterns.
>
> Should be no problem.

You are correct. I followed Mark's instructions, set up a new security
constraint and restarted the server.
Now when I access localhost I get 'redirected' to https://localhost,
which is what I wanted; it was the whole overlapping
security-constraint thing that was vexing me somewhat.

I can also log into my user and admin areas as normal which is a
relief but I'm getting some problems with AJAX not updating the live
areas of my site so I'll have to look into that.

Now I know this is probably OT but I'm in the UK and was wondering if
anyone has found a UK certification co that has decent customer
support as I now have to figure out how to buy and install a
certificate with the right params in a standalone Tomcat instance.
My server hosts don't offer support in this area as they seem to be
obsessed with Apache httpd :-(

Many thanks
Duncan

> -chris
>
>> On 17 December 2014 at 17:20, Mark Thomas <ma...@apache.org>
>> wrote:
>>> On 17/12/2014 17:10, Lyallex wrote:
>>>> Tomcat 7.0.42 jdk1.7.0_51 Ubuntu 12.04/CentOS dev/deploy
>>>>
>>>> I have been reading more and more about Google and the like
>>>> prioritising sites that employ https/ssl by default. Currently
>>>> my site does not use https but delegates payment to a secure
>>>> payment provider who does, thusly I have avoided going through
>>>> the pain of certification etc, now it appears I have little
>>>> option but to implement https site wide. I have managed to get
>>>> a keystore going and have configured tomcat to serve a self
>>>> signed certificate when accessing the site by https (default
>>>> port 443)
>>>>
>>>> so http://localhost accesses the home page and
>>>> https://localhost pops up a warning in Firefox regarding an
>>>> unknown certification authority. This is all good and I'm
>>>> pretty sure I understand so far.
>>>>
>>>> I have noticed that if I type http://www.google.co.uk in to a
>>>> browser the address is automatically changed (redirected) to
>>>> https://www.google.co.uk and I would like the same to happen to
>>>> my site.
>>>>
>>>> Here is the question. Is this 'redirection' something I need to
>>>> configure myself , (can it be done in server.xml for example)
>>>> or is this something the people I rent my server from need to
>>>> do at their end.
>>>
>>> It depends on exactly how things are set up.
>>>
>>> The first thing I would try is adding something like the
>>> following to your web.xml:
>>>
>>> <security-constraint>
>>>   <web-resource-collection>
>>>     <web-resource-name>Everything</web-resource-name>
>>>     <url-pattern>/*</url-pattern>
>>>   </web-resource-collection>
>>>   <user-data-constraint>
>>>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>   </user-data-constraint>
>>> </security-constraint>
>>>
>>> If I have remembered my syntax correctly, that should route
>>> every request to https if it isn't already.
>>>
>>> Mark
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
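
An added check, not part of the original thread: the Servlet specification applies only the constraints declared on the url-pattern that best matches a request, so a login-protected pattern is forced onto HTTPS only if its own constraint also carries CONFIDENTIAL. The sample web.xml, the /user/* path and the user role below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the poster's real web.xml): the site-wide HTTPS
# constraint from the thread plus an assumed login-protected /user/* area.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Everything</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>User area</web-resource-name>
      <url-pattern>/user/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""


def local(tag):
    """Drop the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def patterns_without_https(web_xml):
    """Return url-patterns named by a constraint that lacks CONFIDENTIAL."""
    weak = set()
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        pats = [e.text.strip() for e in sc.iter() if local(e.tag) == "url-pattern"]
        tg = [e.text.strip() for e in sc.iter() if local(e.tag) == "transport-guarantee"]
        if tg != ["CONFIDENTIAL"]:
            weak.update(pats)  # this pattern is not forced onto HTTPS
    return sorted(weak)


if __name__ == "__main__":
    print(patterns_without_https(SAMPLE_WEB_XML))
```

An empty list means every declared pattern carries the HTTPS requirement; any pattern listed needs its own user-data-constraint added.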