web.xml file (located in the WEB-INF directory under the specific app directory)
1. Add a user-data-constraint under the security-constraint directive.
<security-constraint>
    <web-resource-collection>
        <web-resource-name>REST calls</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>myrole</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
server.xml file (located in the conf directory within your tomcat instance)
Scenario 1: Tomcat is acting as the web server, in addition to being the servlet container.
1. server.xml: Set the redirectPort property on the Connector directive that specifies where Tomcat is listening for HTTP traffic. Here, Tomcat is listening on 8080 for HTTP traffic and has a redirectPort of 8443.
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
2. server.xml: Add a Connector directive for SSL on the same port you specified as the redirectPort in Step 1.
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           keystoreFile="/etc/ssl/tomcat/keystore.jks" keystorePass="password"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
Scenario 2: Tomcat is only acting as a servlet container. Apache httpd (or other flavor) is acting as the web server.
1. server.xml: Set the redirectPort property on the Connector directive where Tomcat is listening for AJP calls (in Apache httpd, the mod_jk module acts as the connector to Tomcat). Here we're setting the redirectPort to the port where Apache httpd is configured for SSL.
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
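An added example, not part of the original post: a Python check that reads a web.xml and a server.xml and reports any security-constraint without a CONFIDENTIAL transport-guarantee, and any HTTP connector whose redirectPort does not match an SSLEnabled connector. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _named(root, name):
    # web.xml usually declares a Java EE namespace, so match on local names only.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def unprotected_constraints(web_xml):
    """Names of security-constraints with no CONFIDENTIAL transport-guarantee."""
    missing = []
    for sc in _named(ET.fromstring(web_xml), "security-constraint"):
        guarantees = [(e.text or "").strip() for e in _named(sc, "transport-guarantee")]
        if "CONFIDENTIAL" not in guarantees:
            names = [(e.text or "").strip() for e in _named(sc, "web-resource-name")]
            missing.append(names[0] if names else "(unnamed)")
    return missing

def dangling_redirects(server_xml):
    """(port, redirectPort) of plain HTTP connectors whose redirectPort is not
    the port of an SSLEnabled connector in the same file. AJP connectors are
    skipped: in Scenario 2 their redirect target is the front-end web server."""
    connectors = _named(ET.fromstring(server_xml), "Connector")
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "").lower() == "true"}
    return [(c.get("port"), c.get("redirectPort")) for c in connectors
            if c.get("port") not in tls_ports
            and not c.get("protocol", "").upper().startswith("AJP")
            and c.get("redirectPort") not in tls_ports]

# Constructed sample input (not taken from a real deployment).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><web-resource-name>REST calls</web-resource-name>
      <url-pattern>/api/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>Admin pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>myrole</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8081" protocol="HTTP/1.1" redirectPort="9443" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
</Service></Server>"""
if __name__ == "__main__":
    print(unprotected_constraints(SAMPLE_WEB_XML), dangling_redirects(SAMPLE_SERVER_XML))
```

A constraint that carries only an auth-constraint still requires login but lets the credentials and session travel over plain HTTP, which is the case the first check reports.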
Copyright ©1993-2024 Joey E Whelan, All rights reserved.
