HTTPS and HTTP on tomcat

HTTPS and HTTP on tomcat

1. Configuration on web.xml under WEB-INF
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/user.do</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

2. Configuration under server.xml
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="443"/>
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="d://tool/tomcat.jks"
               keystorePass="******"/>
3. share data from HTTP to HTTPS
I found a easy way, share the information via session.


references:
http://en.wikipedia.org/wiki/Same_origin_policy
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
http://www.nuwanbando.com/2010/05/sharing-https-http-sessions-in-tomcat/