If you have not already configured your Tomcat instance then you can follow the instructions here.
By following the above article, you will be fulfilling all the prerequisites and you will be able to proceed to the next step. To enforce your application to work with SSL, the following is the additional step that needs to be done. You will need to add the following code snippet into your application’s web.xml file.
<security-constraint> <web-resource-collection> <web-resource-name>YOUR SECURED WEBAPP NAME</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
Observe the following things from this setting that you’ll be putting in your web.xml file:
- The url-pattern tag above is set to /* so that any page or resource of your web application needs to be accessed via HTTPS only.
- The transport-guarantee tag above is set to CONFIDENTIAL, to ensure that your application is accessible via HTTPS only.
- For these changes to take effect, save the web.xml file, and restart your TOMCAT / TomEE service.
- In case you want to turn off the SSL settings, you don’t really have to remove this whole setting but mark the transport-guarantee tag to NONE instead of CONFIDENTIAL and restart your TOMCAT / TomEE instance.