On 1/11/2021 6:11 PM, Mark Thomas wrote:
On 12/01/2021 00:00, Jerry Malcolm wrote:
I have a standalone tomcat. TC is configured to redirect any port 80
requests to https/443. It works fine on pages that aren't protected by
web.xml security constraints. However, if a page is protected, the
login page appears while still in non-ssl http mode. For years, I've had
httpd sitting in front of TC handling the ssl stuff. So this is new
territory for us. Have we got something misconfigured or perhaps out of
order that is pushing the ssl redirect down in the process? Suggestions?
How have you configured the http -> https redirect?
Mark
Hi Mark, This is a snippit from my main web.xml file:
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd";
version="3.1">
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
