• 1 reply
  • Latest Post - ‏2013-07-22T18:23:51Z by bergmark
7 Posts

Pinned topic HTTPS Redirect based on Web Content Folder Structure

‏2013-07-20T23:34:54Z | folder https ldap login redirect secure

My Liberty appliction works with an entry panel that is normal HTTP mode pointing to folder /public and should redirect the LOGIN screen into a secure HTTPS mode from folder /public/secure, which runs the aplication screens in a secure mode. User authentication works through LDAP. Once the autentication is done there should be an ongoing access protection for folder /public/secure, following a similar structure as the previous Smash server technology. Is there an example available that illustrates the HTTPS redirect process in the setup files server.xml and web.xml?

For now I've disabled the HTTP access in the server.xml, forcing the HTTPS mode.

 <httpEndpoint host="*" httpPort="-1" httpsPort="9443" id="defaultHttpEndpoint" tcpOptionsRef="${server.config.dir}"/>           
 <keyStore id="defaultKeyStore" password="{xor}xxxxxxxxxxxxxxxxxx" />  

Is there a better setup available that leaves /public open for access and protects /public/secure?

Thanks in advance for your thoughts and feedback. 


  • bergmark
    42 Posts

    Re: HTTPS Redirect based on Web Content Folder Structure


    One option might be to define a security-constraint in your web.xml for /public/secure with a CONFIDENTIALtransport-guarantee.