Solved

Spring App - How to specify which URL's to be accessed through https

Posted on 2008-09-30
4
660 Views
Last Modified: 2013-12-02
Hi I'm pretty new to web programming and am trying to implement SSL.

I've done the tomcat configuration and installed the keys using keytool. I am able to access the application both using http and https

My web application is on Java Springs. I wanted to know if there is any place where I can specify which URL should be accessed through https. Initially I just want the login page to be accessed via https.

I know one way would be to directly put the full URL including https in all pages that have link to https - for instance call the login.jsp as follows
<a href="https://www.xxxxxx.com/login.jsp">Login</a>

But I dont think this is the right approach. Because in the entire App i'm using relative URL's - so once I forward the users to login.jsp via https - after that all the subsequent clicks will be accessed via https.

I hope my question is clear.
Appreciate your responses
Thanks
0
Comment
Question by:gublooo
4 Comments
 
LVL 50

Expert Comment

by:Steve Bink
ID: 22704438
I don't know anything about Java Spring or Tomcat, but you can do this with mod_rewrite in Apache.  Something like this:

RewriteCond ${HTTPS} !^on$
RewriteRule ^/?login.jsp$ https://mydomain.com/login.jsp [R=301]
0
 
LVL 1

Accepted Solution

by:
MrMarshall earned 500 total points
ID: 22710797
Actually, I'm going to assume you are using a recent version of Tomcat 5.5 or Later. Which adheres to Servlet Spec 2.4.

So, you would specify in your deployment descriptor file. (web.xml) a transport guarantee element set to confidential this will force the

i.e. Add the following security constraint to your web.xml file. Spring Security can be further configured to handle the authentication and authorization.  Note the URL pattern is that of the resources you wish to protect via ssl.  You have said you have already configured tomcat to support SSL access to those pages. This handles your confidentiality requirement.
<security-constraint>

        <web-resource-collection>

             <web-resource-name>MyApp</web-resource-name>

             <url-pattern>/*</url-pattern>

        </web-resource-collection>

        <user-data-constraint>

        <transport-guarantee>CONFIDENTIAL</transport-guarantee>

        </user-data-constraint>

  </security-constraint>

Open in new window

0
 

Author Comment

by:gublooo
ID: 22738469
Thanks Marshall -
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Reducing the size of certificate chain 2 64
github account with ecipse 1 42
HSSFWorkbook cannot be resolved error 10 51
netstat -ano | find "8000" and taskkill /f /pid 2984 3 39
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now