SSL-enabling a servlet with automatic redirection in Tomcat

You first have to create your SSL certificate. You can either use a self-signed certificate or get one from a certificate authority. For ease, I will use a self-signed certificate here.

    keytool -genkey -alias alias -keyalg RSA -keystore .keystore

Just answer the questions and choose a sensible password for your keystore.

Now you have to make sure your Tomcat installation accepts SSL connections. For this you have to edit the “server.xml” file. The connectors should look something like this:

    <!-- Plain HTTP connector; redirectPort must match the SSL connector's port -->
    <Connector port="80" address="${jboss.bind.address}"
               maxThreads="250" maxHttpHeaderSize="8192"
               emptySessionPath="true" protocol="HTTP/1.1"
               enableLookups="false" redirectPort="443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />

    <!-- SSL connector; keystorePass is the password of the keystore file -->
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="250" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/data/secure/.keystore"
               keystorePass="mypassword" />

It is important that the redirectPort of the “http” connector points to the port of the SSL-enabled connector.
Apart from that, make sure the path to your keystore and the keystore password are correct.
In this example the standard ports are used. Note that this is only possible on Linux systems when your Tomcat runs as root, because ports below 1024 are privileged.

In your web application you have to ensure that the data is always encrypted using SSL, that is, it should stay confidential.
Insert the following excerpt in your WEB-INF/web.xml file in the right location and all should work.

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Automatic SSL Forwarding</web-resource-name>
      <url-pattern>/</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
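
A way to check that the two files agree before deploying, as an added example that is not part of the original post: it verifies that every non-SSL connector's redirectPort points at an SSL-enabled connector and that web.xml carries a CONFIDENTIAL constraint on the whole application. The function name `check_redirect` and the embedded sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files that mirror the two excerpts in the post.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443" />
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" />
</Service></Server>"""
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/</url-pattern></web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""


def _find(root, name):
    """All elements called `name`, ignoring any XML namespace prefix."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def _texts(root, name):
    """Stripped text content of every element called `name`."""
    return [(e.text or "").strip() for e in _find(root, name)]


def check_redirect(server_xml, web_xml):
    """Return a list of problems; an empty list means the setup is consistent."""
    problems = []
    connectors = _find(ET.fromstring(server_xml), "Connector")
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "").lower() == "true"}
    if not tls_ports:
        problems.append('no connector has SSLEnabled="true"')
    for c in connectors:
        # Tomcat falls back to redirectPort 443 when the attribute is absent.
        target = c.get("redirectPort", "443")
        if c.get("port") not in tls_ports and target not in tls_ports:
            problems.append(f"connector {c.get('port')} redirects to {target}, "
                            "which is not an SSL-enabled connector")
    # Patterns guarded by CONFIDENTIAL; more specific constraints are not evaluated.
    guarded = set()
    for sc in _find(ET.fromstring(web_xml), "security-constraint"):
        if "CONFIDENTIAL" in _texts(sc, "transport-guarantee"):
            guarded.update(_texts(sc, "url-pattern"))
    if not guarded & {"/", "/*"}:
        problems.append("no CONFIDENTIAL constraint on / or /*")
    return problems


if __name__ == "__main__":
    print(check_redirect(SERVER_XML, WEB_XML) or "redirect setup is consistent")
```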
