I would like to force the web application server to use https in all urls which start with "/pages/secure/...".
I set up in web.xml the security constraints of the web application in the following way:
<security-constraint> <web-resource-collection> <web-resource-name>secure area</web-resource-name> <url-pattern>/pages/secure /*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
When I use Tomcat or Glassfish they behave as expected, i.e.
when user clicks e.g. /welcome.xhtml they use
but when user clicks e.g. /pages/secure/login.xhtml, they use
WAS always uses http and not https in the second case. The security settings in the WAS are default, set up during the WAS installation.
I use WAS version 8.5, but we plan to use versions 8.0 or 7 too.
How can I force WAS to use https?
Thanks for the hints,