Redirecting every HTTP request to HTTPS
I know the answer is:
<security-constraint>
<web-resource-collection>
<web-resource-name>All resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
and it works very well, but only if it's the only security limitation in the web.xml.
Once I add the second security constraint, something like this:
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin section</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>USER</role-name>
</auth-constraint>
</security-constraint>
redirection stops working for URLs pointing to the admin section (in which case the app shows a login form).
Is there a way to enable redirection globally via web.xml or wildfly config?
PS: tested on wildfly 8.2
+3
source to share