WAS

Tomcat web.xml http->https 강제적용

Lawmin 2017. 10. 12. 14:32

1. web.xml 을 만들어 아래와 같이 등록합니다.

(web.xml은 Eclipse 웹 프로젝트에서 Java EE Tools > Generate Deployment Descriptor Stub 메뉴를 눌러 생성가능)


2. https 제외할 패턴은 NONE, 적용할 패턴은 CONFIDENTIAL 로 등록하면 됩니다. (순서대로 적용)


<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">

  <display-name>사이트명</display-name>

  <welcome-file-list>

    <welcome-file>index.jsp</welcome-file>

  </welcome-file-list>

  <security-constraint>   

    <web-resource-collection>      

    <web-resource-name>Non-secure</web-resource-name>      

    <url-pattern>/제외할패턴.jsp</url-pattern>   

    </web-resource-collection>   

    <user-data-constraint>      

    <transport-guarantee>NONE</transport-guarantee>   

    </user-data-constraint>

  </security-constraint>

  <security-constraint>   

    <web-resource-collection>      

    <web-resource-name>Secured</web-resource-name>      

    <url-pattern>/*</url-pattern>   

    </web-resource-collection>   

    <user-data-constraint>      

    <transport-guarantee>CONFIDENTIAL</transport-guarantee>   

    </user-data-constraint>

  </security-constraint>

</web-app>