This week's book giveaway is in the Agile and Other Processes forum.
We're giving away four copies of Real-World Software Development: A Project-Driven Guide to Fundamentals in Java and have Dr. Raoul-Gabriel Urma & Richard Warburton on-line!
See this thread for details.
Win a copy of Real-World Software Development: A Project-Driven Guide to Fundamentals in Java this week in the Agile and Other Processes forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Bear Bibeault
  • Liutauras Vilda
  • Devaka Cooray
Sheriffs:
  • Knute Snortum
  • Junilu Lacar
  • Henry Wong
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • Tim Holloway
Bartenders:
  • salvin francis
  • Frits Walraven
  • Piet Souris

Forcing SSL but not in web.xml -- how?

 
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I'm using the Google Web Toolkit (GWT) inside Eclipse to develop web applications that require a secure SSL connection. Normally (as in when writing non-GWT web applications) I would simply include a security-constraint in web.xml and be done with it. I added a self-signed certificate to the built-in Tomcat and simply told my browser to accept it and I could do my development simulating the production environment. However, working with GWT, you do your development work in hosted mode and not using a real browser and hosted mode does not like SSL. Right now, I'm simply commenting out the security-constraint in web.xml and hopefully remembering to uncomment it either when I build the war file or after I move the application o the production server. Either way, the odds that I forget that step are pretty good.

Do you know of anyway out of this predicament? Is there anyway, for example, that I can globally add a security-constraint in Tomcat, perhaps in server.xml?

Thanks,
Rob

 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The server.xml file has explicit <Connector ...> entries for the secure and non secure ports.
You could always comment out the non-secure one.

That would globally enforce an SSL requirement.

You might also look into 'valves'.
Valves are just like servlet filters but are container wide.

 
Saloon Keeper
Posts: 21715
148
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here's a slightly different approach. If you build the app using Maven, you can use Maven's profile feature to control which copy of a web.xml gets put into the WAR.

The downside is that you have to do parallel maintenance on the 2 web.xml files and you have to remember to build using the proper profile, but that way you don't have to do esoteric things to Tomcat.
 
I didn't say it. I'm just telling you what this tiny ad said.
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!