Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
365 views
in Technique[技术] by (71.8m points)

web.xml - Is security-constraint configuration for Tomcat mandatory?

In order to do an SSL Configuration testing under Tomcat, is this all mandatory?

This below line is taken from a website:

In order to do this for our test, take any application which has already been deployed successfully in Tomcat and first access it through http and https to see if it works fine. If yes, then open the web.xml of that application and just add this XML fragment before web-app ends i.e </web-app>:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Is this configuration is mandatory to do inside a web.xml file ??

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

No, it's not necessary. It means that your web application only available through HTTPS (and not available through HTTP).

If you omit the <transport-guarantee>CONFIDENTIAL</transport-guarantee> tag (or the whole <security-constraint>) your application will be available through both HTTP and HTTPS. If your web.xml contains <transport-guarantee>CONFIDENTIAL</transport-guarantee> Tomcat automatically redirects the requests to the SSL port if you try to use HTTP.

Please note that the default Tomcat configuration does not enable the SSL connector, you have to enable it manually. Check the SSL Configuration HOW-TO for the details.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...