?
Solved

Spring App - How to specify which URL's to be accessed through https

Posted on 2008-09-30
4
Medium Priority
?
666 Views
Last Modified: 2013-12-02
Hi I'm pretty new to web programming and am trying to implement SSL.

I've done the tomcat configuration and installed the keys using keytool. I am able to access the application both using http and https

My web application is on Java Springs. I wanted to know if there is any place where I can specify which URL should be accessed through https. Initially I just want the login page to be accessed via https.

I know one way would be to directly put the full URL including https in all pages that have link to https - for instance call the login.jsp as follows
<a href="https://www.xxxxxx.com/login.jsp">Login</a>

But I dont think this is the right approach. Because in the entire App i'm using relative URL's - so once I forward the users to login.jsp via https - after that all the subsequent clicks will be accessed via https.

I hope my question is clear.
Appreciate your responses
Thanks
0
Comment
Question by:gublooo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 51

Expert Comment

by:Steve Bink
ID: 22704438
I don't know anything about Java Spring or Tomcat, but you can do this with mod_rewrite in Apache.  Something like this:

RewriteCond ${HTTPS} !^on$
RewriteRule ^/?login.jsp$ https://mydomain.com/login.jsp [R=301]
0
 
LVL 1

Accepted Solution

by:
MrMarshall earned 2000 total points
ID: 22710797
Actually, I'm going to assume you are using a recent version of Tomcat 5.5 or Later. Which adheres to Servlet Spec 2.4.

So, you would specify in your deployment descriptor file. (web.xml) a transport guarantee element set to confidential this will force the

i.e. Add the following security constraint to your web.xml file. Spring Security can be further configured to handle the authentication and authorization.  Note the URL pattern is that of the resources you wish to protect via ssl.  You have said you have already configured tomcat to support SSL access to those pages. This handles your confidentiality requirement.
<security-constraint>
        <web-resource-collection>
             <web-resource-name>MyApp</web-resource-name>
             <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
  </security-constraint>

Open in new window

0
 

Author Comment

by:gublooo
ID: 22738469
Thanks Marshall -
0

Featured Post

AWS Certified Solutions Architect - Associate

This course has been developed to provide you with the requisite knowledge to not only pass the AWS CSA certification exam but also gain the hands-on experience required to become a qualified AWS Solutions architect working in a real-world environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about some of the basic and important steps to be used to improve the performance in web-sphere commerce application development. 1) Always leverage the Dyna-caching facility provided by the product 2) Remove the unwanted code …
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question