Tuesday, 12 December 2017

Redirection from http to https (tomcat example)

This tutorial explains how to enable SSL in Tomcat and redirect HTTP requests to HTTPS.

Installations used for this example:

  • JDK (7)
  • Apache Tomcat (8) 

Create .keystore file 

Open a command prompt and run the following command:

"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA

The command prompts for a few details, such as the keystore password and your first and last name. Provide them as appropriate.

[The example above uses sample/test values; specify inputs as per your requirements. Also make sure JAVA_HOME is set before executing the command.]

Once the command has run successfully, a .keystore file is created in your user home folder, e.g. C:\Users\<USERNAME>\

Tomcat Configurations to use generated keystore file

Go to the Tomcat installation folder and open the server.xml file under conf/.
There you will find the following declaration, commented out:

    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

Uncomment this entry in server.xml and edit it as shown below:

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
    disableUploadTimeout="true" enableLookups="false" maxThreads="25"
    port="8443" keystoreFile="conf/keystore/.keystore" keystorePass="test123"
    protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
    secure="true" sslProtocol="TLS" />

Note: in the entry above, update the following values to match your settings:
keystorePass - the password you set while generating the .keystore file earlier in this tutorial.
keystoreFile - the path where your .keystore file is kept.
                       [In this example I have copied the generated .keystore file from the default location to tomcat_dir/conf/keystore/; you can use either location.]

After making the above changes, save the server.xml file.

Now open the web.xml file under the conf/ directory of the Tomcat installation.

Add the following snippet at the end of this file, just before </web-app>:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Save the web.xml file and start the Tomcat instance.

Configure WebApplication to work with SSL

To make your web application work with the SSL configuration above, edit your application's web.xml file and add the following entry:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Deploy your application to Tomcat and test.
All HTTP calls will now redirect to HTTPS on port 8443.



Cheers!!
