The following post shows how to easily redirect HTTP to HTTPS in Tomcat servlet container that it always requires secure connection. It was assumed that the following TCP ports are used for that purpose:
8080: for HTTP
8443: for HTTPS
- Edit you server.xml file located in conf folder of tomcat installation directory
<Connector port="8080" protocol="HTTP/1.1" redirectPort="443"/> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="conf/keystore" keystorePass="s00perSeeekrit"/>
- Add below entry in web.xml of your tomcat conf folder.
<security-constraint> <web-resource-collection/> <web-resource-name>HTTPSOnly</web-resource-name> <url-pattern>/*</url-pattern </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
- Restart Tomcat.