I have an application that has a Web interface using an embeded Tomcat 4 Server. I need to make it available to users over the Internet and want to secure it with SSL. It originally worked on port 8080 but I successfully modified the SERVER.XML to make it work over port 80. I also sucessfully installed a public SSL Certificate from DigiCert and created an SSL connector so that if you specify
https://myserver.domain.com you can access the app over SSL on port 443. The final piece of the puzzle I've been struggling with is automatically redirecting http: requests to https: All the Tomcat forums say this is pretty simple, all you need to do is add a bit of code to either the server or app's web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-contraint>
</security-constraint>
When I enter this code and restart Tomcat, the app stops working on all ports. I just get a '404' resource not found on the default page or any other. I'm sure I'm missing something but I have no idea what. Are there Any Tomcat gurus out there that can point me in the right direction?