Thad, Worked like a charm... thanks..
Sincerely, Robert Jenkin Surecomp Services, Inc. 2 Hudson Place, 4th Floor Hoboken, NJ 07030 Skype: robert.jenkin Office: 201 217 1437 | Direct: 201 716 1219 | Mobile: 908 251 0537 http://www.Surecomp.com -----Original Message----- From: Thad Humphries [mailto:thad.humphr...@gmail.com] Sent: Tuesday, February 01, 2011 1:38 PM To: Tomcat Users List Subject: Re: ssl application While doing some SSL research last week, I stumbled on this: https://confluence.sakaiproject.org/display/DOC/Sakai+Admin+Guide+-+Advanced+Tomcat++%28and+Apache%29+Configuration If you wish to secure the entire tomcat installation (which can be done regardless of how you provide SSL), add the following to TOMCAT_HOME/conf/web.xml inside the web-app tags: <!-- redirect all traffic to the SSL port --> <security-constraint> <web-resource-collection> <web-resource-name>Automatic SLL Forwarding</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> It worked for me (Linux, Tomcat 6.0.30, JRE 1.5.0_22). On Tue, Feb 1, 2011 at 1:31 PM, <robert.jen...@surecomp.com> wrote: > Hello all... > > I have configured ssl on tomcat 7 and I am able to access my application > via ssl and non-ssl. What I am trying to figure out is how to configure > tomcat so that my application is only available via ssl. Is there a way to > do this? I have read the tomcat 7 document on ssl, but, did not take note of > anything indicating how to do this. > > Thanks > > Bob Jenkin > > This mail was sent via Mail-SeCure System. > > > -- "Hell hath no limits, nor is circumscrib'd In one self-place; but where we are is hell, And where hell is, there must we ever be" --Christopher Marlowe, *Doctor Faustus* (v, 121-24) This mail was sent via Mail-SeCure System.
