I have 2 apache tomcat applications that I want to redirect to HTTPS, but I also have an IIS application running on the same server which I do not want to redirect. If I place a security constraint like this
<security-constraint><web-resource-collection><web-resource-name>Secured</web-resource-name><url-pattern>/*</url-pattern></web-resource-collection><user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint></security-constraint>into the tomcat main conf/web.xml file eveything gets redirected to https and my IIS application fails with the error
<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/">The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.</string>Tomcat is listening on ports 9080 (HTTP) and port 4433 (HTTPS). IIS is listening on port 9088 (HTTP). For some reason I do not understand, Tomcat is redirecting traffic on port 9088 to a secure channel.
My tomcat sites work as desired redirecting to the HTTPS port (in my case 4433).If I remove the constraint, I can access my tomcat sites with HTTP and HTTPS and continue to access the IIS site with HTTP and everything I require works, but people can still access the tomcat sites with HTTP which is not what I want to allow. I want to force them to HTTPS.
Ideally, I need Tomcat to redirect only those applications on HTTP port 9080 to HTTPS port 4433 and leave everything else that is on IIS to continue using HTTP.
I have tried putting the constraint into just the tomcat applications web.xml files, removing it from conf/web.xml, but this does not redirect to HTTPS. I may be doing this incorrectly and I cannot find any examples about how to do it, site by site. All examples are for eveything.
I've also played around with the URL pattern trying things like9080/*/ApplicationFolder/*
but nothing seems to work. I get no redirection unless the URL pattern is /* and it has to be in the conf/web.xml file.