This element defines a guaranteed level of data protection for the transport of data between the client and server (both ways).

Permitted values

  • NONE - no special transport guarantees (this is the default if there is no user-data-constraint defined)
  • INTEGRAL - data must be sent in a way that guarantees it cannot be changed during transmission (i.e. data is checksummed; SSL achieves this)
  • CONFIDENTIAL - data must be sent in a way that guarantees it cannot be observed (or changed) during transmission (i.e. data is encrypted; SSL achieves this)

How it works (in Tomcat)

  • When a client request arrives, the container checks the transport-guarantee for the requested URI. For example, if your <url-pattern> is set to /* then all URIs are protected.
  • If the data protection level is set to INTEGRAL or CONFIDENTIAL, and the user is not already using SSL, then a redirect is sent to the client, redirecting to the same URI, but using the port defined in the redirectPort attribute in the <Connector> element in server.xml. By default, this is 443, so in other words the user is redirected to the same page using SSL.
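A quick way to see which URI patterns would be served without the SSL redirect is to read the effective transport-guarantee per <url-pattern> from web.xml, applying the NONE default described above. This is an added example, not part of the original page: the sample descriptor is constructed, the function names are hypothetical, and it reports each constraint on its own rather than modelling how the container combines overlapping constraints.

```python
import xml.etree.ElementTree as ET

# Constructed sample deployment descriptor (not from the original page).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>account</web-resource-name>
      <url-pattern>/account/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""

def local(tag):
    """Strip an XML namespace prefix such as '{http://...}web-app'."""
    return tag.rsplit("}", 1)[-1]

def transport_guarantees(web_xml):
    """Map each <url-pattern> to the transport-guarantee of its constraint."""
    result = {}
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        guarantee = "NONE"  # default when no user-data-constraint is defined
        patterns = []
        for el in sc.iter():
            name = local(el.tag)
            if name == "transport-guarantee" and el.text:
                guarantee = el.text.strip().upper()
            elif name == "url-pattern" and el.text:
                patterns.append(el.text.strip())
        for pattern in patterns:
            result[pattern] = guarantee
    return result

def unprotected(web_xml):
    """Patterns for which the container would not redirect to SSL."""
    return sorted(p for p, g in transport_guarantees(web_xml).items() if g == "NONE")

if __name__ == "__main__":
    print(transport_guarantees(SAMPLE_WEB_XML))
    print(unprotected(SAMPLE_WEB_XML))
```

In the sample, /admin/* requires the admin role but has no user-data-constraint, so its credentials and session traffic get no transport guarantee.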
