The default web.xml that is in the conf directory on a Windows install of tomcat.
This is a snippet of the file when viewed through Notepad++. I added the security contraint to the bottom of this file just before the ending web-app tag. I don't recall if this listserv frowns upon URL linking so if you google "tomcat 8 http to https redirect", the first 3-4 links all say the exact same thing as what I did to try and implement the http forwarding to https. As I said in my previous email, it does work for the other web apps, but the manager-gui seems to act odd. My other web apps do not use the same type of authentication that the manager-gui does. This may be a red herring, but that's why I posed the question to this listserv. Thanks! Mike. On Thu, Sep 22, 2016 at 11:38 AM, Mark Thomas <ma...@apache.org> wrote: > On 22 September 2016 15:43:47 BST, Mike Johnson <mike.john...@nosm.ca> > wrote: > >I did a little more testing and it seems that only the Tomcat > >Manager/Server (a.k.a. the logged in areas) of the default Tomcat > >install > >is acting this way. This is perhaps why I thought it was working on > >Tomcat > >6. > > > >My web apps are working as I expected them to, redirecting all traffic > >to > >the appropriate https url. > > > >So, this may be a simpler question now: Can anyone explain to me what > >is > >happening in the Tomcat manager? > > > >Tomcat manager's user prompt seems to override the switch of protocol. > >(go > >to http://localhost/manager/html, never kicks me over to https) > > > >Also, once I'm logged into the manager app, if I remove the 's' on > >https > >and hit enter, it reprompts for a login, and let's me into http. > > > >If I continue on in the same session, I can actually use http with > >443... > >seemingly using both sessions I've created :P really messed up. > > > >Anyway, this isn't overly important as none of our admins will log into > >manager remotely, so ssl into manager isn't required. It also seems to > >work > >fine with the webapp, which is the main goal. > > > >Thanks! > >Mike. > > > > > > > >On Thu, Sep 22, 2016 at 10:18 AM, Mike Johnson <mike.john...@nosm.ca> > >wrote: > > > >> I'm clearly misunderstanding how to do this, but I can't seem to find > >> appropriate documentation to get me to my goal. > >> > >> My goal is to have any http request directed to the https equivilant. > >> > >> On Tomcat 6, I was able to get it working, but something in my config > >is > >> different, or tomcat 8 has changed slightly enough that what I was > >doing on > >> 6 doesn't work on 8. > >> > >> I'm assuming it's the first, so digging through and comparing all my > >> config. While I do that, I'm hoping a message here may point me in > >the > >> right direction. > >> > >> I've setup my 80 connector to redirect like so: > >> > >> <Connector port="80" > >> protocol="HTTP/1.1" > >> connectionTimeout="20000" > >> redirectPort="443" /> > >> > >> > >> I've setup my 443 connector like so: > >> <Connector port="443" > >> maxThreads="1024" minSpareThreads="25" > >maxSpareThreads="75" > >> enableLookups="false" disableUploadTimeout="true" > >> acceptCount="101" debug="0" > >> SSLEnabled="true" > >> scheme="https" > >> secure="true" > >> clientAuth="false" > >> sslProtocols="TLSv1,TLSv1.1,TLSv1.2" > >> keystoreFile="my.pfx" > >> keystoreType="pkcs12" > >> keystorePass="passw0rd" > >> /> > >> > >> > >> I've also included the security constraint in my web.xml like this: > >> <security-constraint> > >> <web-resource-collection> > >> <web-resource-name>Protected Context</web-resource-name> > >> <url-pattern>/*</url-pattern> > >> </web-resource-collection> > >> <!-- auth-constraint goes here if you requre authentication --> > >> <user-data-constraint> > >> <transport-guarantee>CONFIDENTIAL</transport-guarantee> > >> </user-data-constraint> > >> </security-constraint> > >> > >> > >> I googled "http to https tomcat 8" and reviewed the top 10, and I > >can't > >> find anything different from the above either. > >> > >> Any help would be appreciated. I am admittedly a hacker at this, and > >don't > >> fully understand all the various config files with tomcat yet... > >> > >> Thanks! > >> Mike. > >> > >> -- > >> Mike Johnson > >> Datatel Programmer/Analyst > >> Northern Ontario School of Medicine > >> 955 Oliver Road > >> Thunder Bay, ON P7B 5E1 > >> Phone: (807) 766-7331 > >> Email: mike.john...@nosm.ca > >> > > Exactly which web.xml file(s) did you edit? > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
