File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Tomcat and the fly likes How to remove the port number in https adress? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of JavaScript Promises Essentials this week in the JavaScript forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "How to remove the port number in https adress?" Watch "How to remove the port number in https adress?" New topic
Author

How to remove the port number in https adress?

Christian Haugen
Greenhorn

Joined: Jul 06, 2007
Posts: 5
Hi!

I have set up a tomcat server with ssl that works fine as long as I go to the adress https://adress:8443 I want to get rid of the port number, is there any easy way to do this so that tomcat understands the https request that comes in?

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" keystorePass="changeit" sslProtocol="TLS" keystoreFile="/root/.keystore" truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts" />

This is my ssl connector in my server.xml. I tried getting a redirct from http to https going but couldn't do that in tomcat alone, any tips on that aswell? I have done this:

<Connector port="8080" protocol="HTTP/1.1"

redirectPort="8443" />

With no luck... Thanks for any help!!
Christian Haugen
Greenhorn

Joined: Jul 06, 2007
Posts: 5
Alrighty, figured out the port number thing, just had to change the port number in server.xml from 8443 to 443. But still stuck on the http to https issue, anyone?
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2510
    
  10

From http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
If you change the port number here, you should also change the value specified for the redirectPort attribute on the non-SSL connector. This allows Tomcat to automatically redirect users who attempt to access a page with a security constraint specifying that SSL is required, as required by the Servlet 2.4 Specification.
Regards, Jan


OCUP UML fundamental and ITIL foundation
youtube channel
Christian Haugen
Greenhorn

Joined: Jul 06, 2007
Posts: 5
hmm, don't really seem to understand what you mean. From what i understand it just tells me to change the redirect port in the non ssl connector so that it will redirect you directly to a https connector. This is what my non https connector looks like right now. And I can still go straight to the http://myadress without any hitches at all..

<Connector port="80" protocol="HTTP/1.1"

redirectPort="443" />
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by Christian Haugen:
Alrighty, figured out the port number thing, just had to change the port number in server.xml from 8443 to 443. But still stuck on the http to https issue, anyone?


Are you trying to force the user into SSL?
This is done with a security-constraint entry in your application's deployement descriptor (web.xml)

Look at section SRV.12.8.2 in the servlet spec for an example.
There is a link to the servlet spec in my signature.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2510
    
  10

Yes, this is what my quote refers to. You have to set the redirect on the non-https port, and apply the security constraints as specified in the Servlet 2.4 Specification.
You need to perform both configurations to make it work.

Regards, Jan
Christian Haugen
Greenhorn

Joined: Jul 06, 2007
Posts: 5
Hmm, I feel like I have already done that but I am sure some of my configuration is wrong.

<security-constraint>
<web-resource-collection>
<web-resource-name>all-except-attachments</web-resource-name>
<url-pattern>*.js</url-pattern>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.jspa</url-pattern>
<url-pattern>*.css</url-pattern>
<url-pattern>/cas/WEB-INF/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>

I have experimented with various url-pattern without any luck. Is there something that I am missing? I run a deployment of cas (central authentication service) in the tomcats webapps folder. Do I need to include filters aswell? Thanks!
[ July 09, 2007: Message edited by: Christian Haugen ]
Christian Haugen
Greenhorn

Joined: Jul 06, 2007
Posts: 5
Solved it!

Simply changed it to:

<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

And woila!
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Thanks for posting back with your solution.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to remove the port number in https adress?