Redirecting every HTTP request to HTTPS

Question

Redirecting every HTTP request to HTTPS

I know the answer is:

<security-constraint> 
    <web-resource-collection> 
        <web-resource-name>All resources</web-resource-name> 
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

and it works very well, but only if it's the only security limitation in the web.xml.

Once I add the second security constraint, something like this:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin section</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>USER</role-name>
    </auth-constraint>
</security-constraint>

redirection stops working for URLs pointing to the admin section (in which case the app shows a login form).

Is there a way to enable redirection globally via web.xml or wildfly config?

PS: tested on wildfly 8.2

+3

java web-applications wildfly web.xml

Alf 04 dec. 14 at 19:19

source to share

1 answer

JuliuszJ · Answer 1 · 2015-06-24T19:05:28+0000

Have you tried adding a "user data constraint" to the second "security constraint"?

Redirecting every HTTP request to HTTPS

More articles: