My web app is running, so that access to /admin/login.jsp
happens over an unsecure HTTP connection.
I do not want to change web.xml file.
How can I change access to /admin/login.jsp
from HTTP to HTTPS without editing the web.xml
file?
Is there a way other than changing the web.xml
file?
Best Answer
Are you using Apache in front of Tomcat?
Yes? Well, that's easy. Read my answer about redirecting HTTP to HTTPS here.
No? Well, you should be. Not only does Apache make an excellent reverse-proxy for Tomcat JSPs, but it also allows you to do things like rewriting URLs onto HTTPS, as well as caching with a number of modules for Apache.
Quick answer: Use apache, redirect /admin/login.jsp to HTTPS and use Apache to wrap everything up in a sexy little SSL transaction