What is the redirectPort setting in Tomcat's server.xml?
Publication date:January 2, 2021
INFOMARTION > What is the redirectPort setting in Tomcat's server.xml?
summary
When I looked at the port setting in Tomcat's server.xml configuration, there was a setting called "redirectPort", but I couldn't figure out what this setting was when I googled it, so I looked it up.
The following settings.
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
Table of Contents
1. What is redirectPort?
As it turns out, the setting seems to redirect when accessing a page that specifies that SSL is required.
If the server.xml configuration values were as follows
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
If the URL "http://hoge:8080/hoge.html" is accessed, it seems to redirect the user to access the URL "https://hoge:8443/hoge.html".
SSL must be defined in the "web.xml" file. SSL is required by setting "<transport-guarantee>CONFIDENTIAL</transport-guarantee>". The following information should be included in the web.xml file
~omission~
<security-constraint>
<web-resource-collection>
<web-resource-name>twx-portal</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
Since the url-pattern is "/", this setting makes SSL mandatory for all URLs and redirects them. If you do not specify that SSL is required, this setting is not used. Although "redirectPort="8443" is set by default in Tomcat, the setting that activates the 8443 port itself seems to be disabled by default in Tomcat. Therefore, there may be many people who set "redirectPort="8443" but do not activate the 8443 port to which they are redirected without being aware of it.
1-1. reason
I would like to describe the basis for the above conclusion. The Tomcat page states the following
http://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
「If you change the port number here, you should also change the value specified for the redirectPort attribute on the non-SSL connector. This allows Tomcat to automatically redirect users who attempt to access a page with a security constraint specifying that SSL is required, as required by the Servlet Specification.」
The point is to "access a page with security constraints specifying that SSL is required, as required by the servlet specification. This is the web.xml setting we just configured. The point is that SSL is required by the servlet specification and redirects when it is applied.
2. summary
The following is a description of the redirectPort settings to be included in Tomcat's server.xml. Please refer to it when setting the redirectPort.
Thank you for taking the time to read this to the end.
■INFORMATION
Please click here to go to the top page of INFORMATION.
■PROFILE
Please click here to view the profile.
■For inquiries, please contact