[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Spring App - How to specify which URL's to be accessed through https

Posted on 2008-09-30
4
Medium Priority
?
668 Views
Last Modified: 2013-12-02
Hi I'm pretty new to web programming and am trying to implement SSL.

I've done the tomcat configuration and installed the keys using keytool. I am able to access the application both using http and https

My web application is on Java Springs. I wanted to know if there is any place where I can specify which URL should be accessed through https. Initially I just want the login page to be accessed via https.

I know one way would be to directly put the full URL including https in all pages that have link to https - for instance call the login.jsp as follows
<a href="https://www.xxxxxx.com/login.jsp">Login</a>

But I dont think this is the right approach. Because in the entire App i'm using relative URL's - so once I forward the users to login.jsp via https - after that all the subsequent clicks will be accessed via https.

I hope my question is clear.
Appreciate your responses
Thanks
0
Comment
Question by:gublooo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 51

Expert Comment

by:Steve Bink
ID: 22704438
I don't know anything about Java Spring or Tomcat, but you can do this with mod_rewrite in Apache.  Something like this:

RewriteCond ${HTTPS} !^on$
RewriteRule ^/?login.jsp$ https://mydomain.com/login.jsp [R=301]
0
 
LVL 1

Accepted Solution

by:
MrMarshall earned 2000 total points
ID: 22710797
Actually, I'm going to assume you are using a recent version of Tomcat 5.5 or Later. Which adheres to Servlet Spec 2.4.

So, you would specify in your deployment descriptor file. (web.xml) a transport guarantee element set to confidential this will force the

i.e. Add the following security constraint to your web.xml file. Spring Security can be further configured to handle the authentication and authorization.  Note the URL pattern is that of the resources you wish to protect via ssl.  You have said you have already configured tomcat to support SSL access to those pages. This handles your confidentiality requirement.
<security-constraint>
        <web-resource-collection>
             <web-resource-name>MyApp</web-resource-name>
             <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
  </security-constraint>

Open in new window

0
 

Author Comment

by:gublooo
ID: 22738469
Thanks Marshall -
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is the last of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers our test design approach and then goes through a simple test case example, how …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question