Solved

Spring App - How to specify which URL's to be accessed through https

Posted on 2008-09-30
4
665 Views
Last Modified: 2013-12-02
Hi I'm pretty new to web programming and am trying to implement SSL.

I've done the tomcat configuration and installed the keys using keytool. I am able to access the application both using http and https

My web application is on Java Springs. I wanted to know if there is any place where I can specify which URL should be accessed through https. Initially I just want the login page to be accessed via https.

I know one way would be to directly put the full URL including https in all pages that have link to https - for instance call the login.jsp as follows
<a href="https://www.xxxxxx.com/login.jsp">Login</a>

But I dont think this is the right approach. Because in the entire App i'm using relative URL's - so once I forward the users to login.jsp via https - after that all the subsequent clicks will be accessed via https.

I hope my question is clear.
Appreciate your responses
Thanks
0
Comment
Question by:gublooo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 51

Expert Comment

by:Steve Bink
ID: 22704438
I don't know anything about Java Spring or Tomcat, but you can do this with mod_rewrite in Apache.  Something like this:

RewriteCond ${HTTPS} !^on$
RewriteRule ^/?login.jsp$ https://mydomain.com/login.jsp [R=301]
0
 
LVL 1

Accepted Solution

by:
MrMarshall earned 500 total points
ID: 22710797
Actually, I'm going to assume you are using a recent version of Tomcat 5.5 or Later. Which adheres to Servlet Spec 2.4.

So, you would specify in your deployment descriptor file. (web.xml) a transport guarantee element set to confidential this will force the

i.e. Add the following security constraint to your web.xml file. Spring Security can be further configured to handle the authentication and authorization.  Note the URL pattern is that of the resources you wish to protect via ssl.  You have said you have already configured tomcat to support SSL access to those pages. This handles your confidentiality requirement.
<security-constraint>
        <web-resource-collection>
             <web-resource-name>MyApp</web-resource-name>
             <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
  </security-constraint>

Open in new window

0
 

Author Comment

by:gublooo
ID: 22738469
Thanks Marshall -
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question