2012/6/5 Timothy J Schumacher <tim.schumac...@colorado.edu>: > > We make a piece of IT equipment with tomcat running inside serving an > application that acts as the administration console for the device. There > is also a firefox browser running inside the equipment that exposes the web > application in question on the front panel touchscreen of the device. The > device also can be plugged into a network to facilitate remote management > via the web application. (...)
Why do you need transport CONFIDENTIAL in your web.xml? Do you have some pages that are accessed via HTTP and some that are only HTTPS on the same Tomcat? That is when you need HTTP -> HTTPS redirection when user comes to the protected part. If your tomcat serves only administrative console webapp, I think it could be a more simple configuration: 1) remove transport-guarantee CONFIDENTIAL 2) configure HTTPS connector that is accessible from outside (either do not specify address - to bind on all of them, or specify device's public IP) 3) configure HTTP connector with address="127.0.0.1" (no need for secure="true") This way the HTTP connector binds on the loopback address only and is not accessible from outside, regardless of your web.xml. If things are more complicated, you could implement a Filter that does the same job as transport-guarantee. The Connector that the client connects to could be distinguished by ServletRequest.getLocalAddr(), getLocalPort(), getScheme(). Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
