Sunday, July 21, 2013

Beware of in web.xml

I have a Spring Security project sharing across two servers, one is a normal Tomcat, and another one with SSL configured. At one point, I have this code configured in web.xml:
The above code gives an instruction that only HTTPS is allowed to connect to the application. If I’m deploying the project into the Tomcat without SSL configure, I will hit the HTTP 404 error. This was quite annoying every time I deploy the code into 2 different servers where I need to comment and un-comment and then comment it back again and again. Until I found there is a solution to overcome this issue which is by configures this in Server’s web.xml. I am referring to the server project right inside the Eclipse workspace, not the physical Tomcat installation directory.

According to forum, if <transport-guarantee>CONFIDENTIAL</transport-guarantee> is omit, this will indicate that the application can be connect using HTTPS and HTTP. Otherwise Tomcat will automatically route to HTTPS.

No comments: