> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] > Subject: Re: Does Tomcat need a non-ssl connector?
> On 2/12/16, 11:40 AM, m...@kimwana.com wrote: > > Perhaps I should have phrased this differently. I want to force > > clients to ssl. When they hit http://app.myurl.com their browser > > should load https://app.myurl.com > Wouldn't mind knowing that myself. All the Tomcat installations I'm > responsible for are set up to simply reject non-secured connections > (that's EASY, just comment out the non-secured connector); I'm > sure some customers would like it to behave as you describe. Read the servlet spec. Simply set transport-guarantee to CONFIDENTIAL for all URL patterns (/*). You can do this in the global conf/web.xml, if desired. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
