If you want to enable HTTPS configuration in your J2EE web application then you should add the following lines in web.xml file under your WEB-INF folder.
<security-constraint>
<display-name>MyWebApp</display-name>
<web-resource-collection>
<web-resource-name>MyWebApp</web-resource-name>
<description/>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
this will redirect any attempt to use your application on HTTP to HTTPS.
<security-constraint>
<display-name>MyWebApp</display-name>
<web-resource-collection>
<web-resource-name>MyWebApp</web-resource-name>
<description/>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
this will redirect any attempt to use your application on HTTP to HTTPS.
No comments:
Post a Comment