<transport-guarantee>
This element defines a guaranteed level of data protection for the transport of data between the client and server (both ways).
Permitted values
- NONE - no special transport guarantees (this is the default if there is no user-data-constraint defined)
- INTEGRAL - data must be sent in a way that guarantees it cannot be changed during transmission (i.e. data is checksummed; SSL achieves this)
- CONFIDENTIAL - data must be sent in a way that guarantees it cannot be observed (or changed) during transmission (i.e. data is encrypted; SSL achieves this)
How it works (in Tomcat)
- When a client request arrives, the container checks the transport-guarantee for the requested URI. For example, if your <url-pattern> is set to /* then all URIs are protected.
- If the data protection level is set to INTEGRAL or CONFIDENTIAL, and the user is not already using SSL, then a redirect is sent to the client, redirecting to the same URI, but using the port defined in the redirectPort attribute in the <Connector> element in server.xml. By default, this is 443, so in other words the user is redirected to the same page using SSL.
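The two pieces of configuration described above, shown together as an added example (not taken from the original page). The resource name and the port numbers 8080 and 8443 are assumptions chosen for illustration, and certificate configuration for the SSL connector is left out.

```xml
<!-- WEB-INF/web.xml (fragment): require an encrypted transport for every URI -->
<security-constraint>
  <web-resource-collection>
    <!-- Hypothetical name; any descriptive label works -->
    <web-resource-name>Entire application</web-resource-name>
    <!-- /* means all URIs in the application are covered -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <!-- Leaving out user-data-constraint entirely is the same as NONE,
         so the element must be present for any redirect to happen -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- conf/server.xml (fragment): the plain HTTP connector. A request that
     arrives here for a URI needing INTEGRAL or CONFIDENTIAL is redirected
     to the same URI on redirectPort (assumed value 8443 here) -->
<Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />

<!-- conf/server.xml (fragment): an SSL connector has to listen on that same
     port, otherwise the redirect leads nowhere. Certificate and keystore
     settings are omitted from this fragment -->
<Connector port="8443" protocol="HTTP/1.1"
           SSLEnabled="true" scheme="https" secure="true" />
```

A quick check after deploying: request any protected URI over plain HTTP and confirm the response is a redirect whose Location header points at the redirectPort.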