This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Security and the fly likes Tomcat with SSL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Tomcat with SSL" Watch "Tomcat with SSL" New topic

Tomcat with SSL

Nuno Miguel Santos

Joined: Nov 01, 2011
Posts: 10
Hi everyone,

I'm almost getting close to finishing my configuration of Tomcat.

The trouble I'm having is in regard to both my client application and my browser.

I want that when a user accesses Tomcat with his browser, that it can only access through https, so that I can use certificates to authenticate.

In my client application, when I communicate with axis2, I only want to use http, so I don't overload the server. I'm using apache rampart with password callbacks that use certificates, so there is no problem in not using https.

Now, this is were the problem starts. Here's what I've managed to get to work:

Allow SSL on tomcat, client certification works like a charm with the browsers. However, the server is still accessible through http://localhost:8080. Here is my server.xml in regard to this matter:

Shouldn't it redirect to the 8443 port?

My client application can communicate with no problem through the 8080 port.

So what am I doing wrong?

This is the only way I know of to restrict external access to tomcat.
I agree. Here's the link:
subject: Tomcat with SSL