Where to place web.xml outside WAR file for secure redirect?

@LarsenBagley505

Posted in: #Https #Redirects #Tomcat

I am running Tomcat 7 and am deploying a bunch of applications delivered to me by a third party as WAR files.

I'd like to force some of those apps to always use SSL. (All the "SSL" apps are in one service; other apps outside this discussion are in another service.)

I've figured out how to use conf\web.xml to redirect apps from HTTP to HTTPS, but that applies to all applications hosted by Tomcat. I've also figured out how to put web.xml in an unpacked app's web-inf directory; that does the trick for that specific app, but runs the risk of being overwritten if our vendor gives us a new war file to deploy.

I've also tried placing the web.xml file in various places under conf\service\host, or under appbase, but none seem to work.

Is it possible to redirect some apps to SSL without forcing all apps to redirect, or to put the web.xml file inside the extracted WAR file?

Here's my server.xml:

<Service name="secure">
  <Connector port="80" connectionTimeout="20000" redirectPort="443"
             URIEncoding="UTF-8" enableLookups="false" compression="on"
             protocol="org.apache.coyote.http11.Http11Protocol"
             compressableMimeType="text/html,text/xml,text/plain,text/javascript,application/json,text/css"/>
  <Connector port="443"
             URIEncoding="UTF-8" enableLookups="false" compression="on"
             protocol="org.apache.coyote.http11.Http11Protocol"
             compressableMimeType="text/html,text/xml,text/plain,text/javascript,application/json,text/css"
             scheme="https" secure="true" SSLEnabled="true" sslProtocol="TLS"
             keystoreFile="..." keystorePass="..." keystoreType="PKCS12"
             truststoreFile="..." truststorePass="..." truststoreType="JKS"
             clientAuth="false"
             ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA"/>
  <Engine name="secure" defaultHost="localhost">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase"/>
    <Host name="localhost" appBase="webapps" unpackWARs="false"
          autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
    </Host>
  </Engine>
</Service>
<Service name="mutual-secure">
  ...
</Service>


The content of the web.xml files I'm playing with is:

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0"
         metadata-complete="true">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>All applications</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <description>Redirect all requests to HTTPS</description>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>


(For conf\web.xml the security-constraint is added just before the end of the existing file, rather than create a new file.)

My webapps directory (currently) contains only the WAR files.


@Heady270

I'm not aware of additional locations where you can have web.xml files for Tomcat.

One thing that I do is run Tomcat as a secondary server on port 8080 behind Apache. I use mod_proxy to reverse proxy domains from Apache port 80 to Tomcat port 8080. This way I can put all the SSL onto Apache and configure Apache for the non-SSL redirects using virtual hosts. That way the logic for the SSL is configured separately and outside the control of the webapps.

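The reverse-proxy arrangement described in the answer above, sketched as an Apache httpd configuration. This is an added example, not configuration from either poster; the hostname, app context paths (`secureapp1`, `secureapp2`, `publicapp`) and certificate paths are placeholders.

```apache
# Added example: Apache terminates TLS and decides per app whether plain HTTP
# is allowed; the vendor WAR files are never modified.
# Requires mod_ssl, mod_proxy, mod_proxy_http and mod_alias.
# Assumption: Tomcat's HTTP connector listens on 127.0.0.1:8080 only
# (address="127.0.0.1" on the <Connector>), so clients cannot bypass Apache.

<VirtualHost *:80>
    ServerName apps.example.test

    # TLS-only apps: never proxied over plain HTTP, only redirected.
    RedirectMatch permanent "^/(secureapp1|secureapp2)(/.*)?$" "https://apps.example.test/$1$2"

    # Apps that may be served over plain HTTP are proxied explicitly.
    # Anything not listed here is simply not reachable on port 80.
    ProxyPass        "/publicapp" "http://127.0.0.1:8080/publicapp"
    ProxyPassReverse "/publicapp" "http://127.0.0.1:8080/publicapp"
</VirtualHost>

<VirtualHost *:443>
    ServerName apps.example.test

    SSLEngine on
    SSLCertificateFile    "/path/to/server.crt"
    SSLCertificateKeyFile "/path/to/server.key"

    # TLS-only apps are proxied to Tomcat from this virtual host alone.
    ProxyPass        "/secureapp1" "http://127.0.0.1:8080/secureapp1"
    ProxyPassReverse "/secureapp1" "http://127.0.0.1:8080/secureapp1"
    ProxyPass        "/secureapp2" "http://127.0.0.1:8080/secureapp2"
    ProxyPassReverse "/secureapp2" "http://127.0.0.1:8080/secureapp2"
</VirtualHost>
```

Because the redirect list lives in the Apache configuration, redeploying a new WAR from the vendor does not change which apps are forced onto HTTPS.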