<transport-guarantee>

This element defines a guaranteed level of data protection for the transport of data between the client and server (both ways).

Permitted values

  • NONE - no special transport guarantees (this is the default if there is no user-data-constraint defined)
  • INTEGRAL - data must be sent in a way that guarantees it cannot be changed during transmission (ie: data is checksummed, SSL achieves this)
  • CONFIDENTIAL - data must be sent in a way that guarantees it canot be observed (or changed) during transmission (ie: data is encrypted, SSL achieves this)

How it works (in Tomcat)

  • When a client request arrives, the container checks the transport-guarantee for the requested URI. For example, if your <url-pattern> is set to /* then all URIs are protected.
  • If the data protection level is set to INTEGRAL or CONFIDENTIAL, and the user is not already using SSL, then a redirect is sent to the client, redirecting to the same URI, but using the port defined in the redirectPort attribute in the <Connector> element in server.xml. By default, this is 443, so in other words the user is redirected to the same page using SSL.

See Also

navigation
metawerx specific
search
Share
tools
help

referring pages

Share