Automatic HTTP to HTTPS redirection in Tomcat

Automatically we can redirect non secure HTTP URL to secure HTTPS URL in tomcat. Any web application to secure the data transfer we use to configure https access. Some times even after setting up the https  default http still accessible . This could a security thread for the application.

Assuming your already configured HTTPS access for the application , Now we need do the change web.xml in tomcat under apache-tomcat-8.0.36/conf/web.xml to redirect all non http access to https.

<!-- Added to redirect http to https -->
<web-resource-name>Whole Application</web-resource-name>

Now when we access http://localhost:8080/myapp it will be redirected to https://localhost:443/myapp


Post a Comment

Powered by Blogger.