Ssl – How to redirect a JSP to use HTTPS

jspservletssltomcat

My web app is running, so that access to /admin/login.jsp happens over an unsecure HTTP connection.

I do not want to change web.xml file.

How can I change access to /admin/login.jsp from HTTP to HTTPS without editing the web.xml file?

Is there a way other than changing the web.xml file?

Best Answer

Are you using Apache in front of Tomcat?

Yes? Well, that's easy. Read my answer about redirecting HTTP to HTTPS here.

No? Well, you should be. Not only does Apache make an excellent reverse-proxy for Tomcat JSPs, but it also allows you to do things like rewriting URLs onto HTTPS, as well as caching with a number of modules for Apache.

Quick answer: Use apache, redirect /admin/login.jsp to HTTPS and use Apache to wrap everything up in a sexy little SSL transaction

Related Solutions

Remove WWW and Redirect to HTTPS with Nginx

The best way to accomplish this is using three server blocks: one to redirect http to https, one to redirect the https www-name to no-www, and one to actually handle requests. The reason for using extra server blocks instead of ifs is that server selection is performed using a hash table, and is very fast. Using a server-level if means the if is run for every request, which is wasteful. Also, capturing the requested uri in the rewrite is wasteful, as nginx already has this information in the $uri and $request_uri variables (without and with query string, respectively).

server {
    server_name www.example.com example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    ssl_certificate /path/to/server.cert;
    ssl_certificate_key /path/to/server.key;
    server_name www.example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    ssl_certificate /path/to/server.cert;
    ssl_certificate_key /path/to/server.key;
    server_name example.com;

    <locations for processing requests>
}

Serve HTTPS Only for One Vhost-Managed Domain in Nginx – How To

In short: nope. As far as nginx is concerned, you've told it that all connections to port 443 are SSL connections for that vhost, and it's just doing what you told it. By the time it can see the Host: header in the request, the SSL negotiation has been done (absent SNI, which is really only going to help if you've got certs for all your domains and are being hit by an SNI-aware browser).

Best Answer

Related Solutions

Remove WWW and Redirect to HTTPS with Nginx

Serve HTTPS Only for One Vhost-Managed Domain in Nginx – How To

Related Topic