...
```xml
<!-- HTTPS connector: server-authenticated TLS on port 8443 (clientAuth="false") -->
<Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true" acceptCount="100" debug="0"
           scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="./webapps/mywebservices.bin" keystorePass="Password123" />
```
You can start Tomcat and check that SSL works by opening the URL https://\[Server-IP\]:8443/ in a browser.
Tomcat still runs in normal mode too, i.e. on port 8080 with http. Depending on your configuration, this may not be desirable for your application. If so, continue to the next step to configure your web application to work only on 8443.
Configuring Web Application to Only Accept SSL Connections
Take an application that has already been deployed successfully in Tomcat and first access it through both http and https to confirm that it works. If it does, open that application's web.xml and add the following XML fragment just before the closing </web-app> tag:
```xml
<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```
Explaining the fragment is beyond the scope of this tutorial, but note that the /* pattern means any resource in your application, whether Servlet or JSP, can now be accessed only over https. CONFIDENTIAL is the value that tells the server to make the application work over SSL. If you want to turn SSL mode off for this application, don't delete the fragment; just set the value to NONE instead of CONFIDENTIAL.
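To confirm that a deployed web.xml really carries this constraint, the following added example (not part of the original tutorial) audits the file and reports whether /* is under CONFIDENTIAL for every HTTP method. The function names, the sample template and the javaee namespace on the sample are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

def _kids(elem, name):
    """Children by local name; web.xml is usually namespaced ('{ns}name')."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):
    return [(c.text or "").strip() for c in _kids(elem, name)]

def audit_web_xml(xml_text):
    """Return (enforced, findings): is '/*' under CONFIDENTIAL for all methods?"""
    root = ET.fromstring(xml_text)
    enforced, findings = False, []
    for sc in _kids(root, "security-constraint"):
        guarantee = "NONE"  # no user-data-constraint means no transport requirement
        for udc in _kids(sc, "user-data-constraint"):
            for value in _texts(udc, "transport-guarantee"):
                guarantee = value.upper()
        for wrc in _kids(sc, "web-resource-collection"):
            if "/*" not in _texts(wrc, "url-pattern"):
                continue
            methods = _texts(wrc, "http-method")
            if guarantee != "CONFIDENTIAL":
                findings.append("/* has transport-guarantee " + guarantee)
            elif methods:
                # Listing methods narrows the constraint to those methods only.
                findings.append("/* constraint only covers: " + ", ".join(methods))
            else:
                enforced = True
    if not enforced and not findings:
        findings.append("no security-constraint covers /*")
    return enforced, findings

# Constructed sample: the tutorial's fragment inside a namespaced <web-app>.
_TEMPLATE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>securedapp</web-resource-name>
      <url-pattern>/*</url-pattern>{methods}
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>{guarantee}</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def sample(guarantee="CONFIDENTIAL", methods=""):
    return _TEMPLATE.format(guarantee=guarantee, methods=methods)

if __name__ == "__main__":
    for doc in (sample(), sample("NONE"), sample(methods="<http-method>GET</http-method>")):
        print(audit_web_xml(doc))
```

A constraint that lists `<http-method>` elements is flagged because it applies only to the listed methods, leaving the others without the transport guarantee.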
Resources
http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/ - also provides steps