Needed to find a solution to use the Liferay/Tomcat web application server to redirect all incoming HTTP requests to HTTPS for secure login username and password.
Found a WIKI on Jakarta/Tomcat describing a similar situation which went into detail how to add a “security constraint” section to the Tomcat web.xml file. Even with Tomcat configured to listen on both port 80 and 443, with this particular section of code, all inbound requests to our Teaming portal on port 80 were automatically redirected to port 443 (SSL) before logging into the Teaming portal.
Here’s the example I used … It needs to be placed at end of the web.xml file located in the following directory:
<security-constraint> <web-resource-collection> <web-resource-name>Protected Context</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <!-- auth-constraint goes here if you requre authentication --> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
By adding this section just after the </welcome-file-list> tag and right above the </web-app> end tag, the icecore app needed to restarted in order for the changes to take effect. Then once any user attempted to use the non-secure URL (http://) they automatically get redirected to the secure URL (https://) before entering their login credentials.
Our current setup only consists of a single server running SLES 10 SP1 without Apache and eDirectory. Only the Liferay/Tomcat web apps are installed and running.