Solved

Spring App - How to specify which URL's to be accessed through https

Posted on 2008-09-30
4
663 Views
Last Modified: 2013-12-02
Hi I'm pretty new to web programming and am trying to implement SSL.

I've done the tomcat configuration and installed the keys using keytool. I am able to access the application both using http and https

My web application is on Java Springs. I wanted to know if there is any place where I can specify which URL should be accessed through https. Initially I just want the login page to be accessed via https.

I know one way would be to directly put the full URL including https in all pages that have link to https - for instance call the login.jsp as follows
<a href="https://www.xxxxxx.com/login.jsp">Login</a>

But I dont think this is the right approach. Because in the entire App i'm using relative URL's - so once I forward the users to login.jsp via https - after that all the subsequent clicks will be accessed via https.

I hope my question is clear.
Appreciate your responses
Thanks
0
Comment
Question by:gublooo
4 Comments
 
LVL 50

Expert Comment

by:Steve Bink
ID: 22704438
I don't know anything about Java Spring or Tomcat, but you can do this with mod_rewrite in Apache.  Something like this:

RewriteCond ${HTTPS} !^on$
RewriteRule ^/?login.jsp$ https://mydomain.com/login.jsp [R=301]
0
 
LVL 1

Accepted Solution

by:
MrMarshall earned 500 total points
ID: 22710797
Actually, I'm going to assume you are using a recent version of Tomcat 5.5 or Later. Which adheres to Servlet Spec 2.4.

So, you would specify in your deployment descriptor file. (web.xml) a transport guarantee element set to confidential this will force the

i.e. Add the following security constraint to your web.xml file. Spring Security can be further configured to handle the authentication and authorization.  Note the URL pattern is that of the resources you wish to protect via ssl.  You have said you have already configured tomcat to support SSL access to those pages. This handles your confidentiality requirement.
<security-constraint>
        <web-resource-collection>
             <web-resource-name>MyApp</web-resource-name>
             <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
  </security-constraint>

Open in new window

0
 

Author Comment

by:gublooo
ID: 22738469
Thanks Marshall -
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Domino Website - Redirection 12 84
File upload fails with SSL Certificate 3 22
Apache module 5 42
Create link to folder for use with apache. 7 28
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question