Difference between version and version      View first change»»

Back to ForcingSSLForSectionsOfYourWebsite, or ForcingSSLForSectionsOfYourWebsite version history

At line 3 changed 1 line.
!Date: 25-Nov-2006
!Date: 25-Nov-2006, updated 02-Sep-2017
At line 77 added 20 lines.
!Advanced - Enforcing a 301 redirect (02-Sep-2017)
By default, using a security-constraint will cause the container to redirect from HTTP to HTTPS using a 302 (Found) status code.
For SEO purposes, a 301 (Moved Permanently) status code may be preferred. Be aware that this will instruct clients that the page has permanently moved and not to bother checking the http version any longer.
Since Tomcat 7.0.70, 8.0.37, 8.5.4, there is a new attribute __transportGuaranteeRedirectStatus__ which can be used to change the status code. This element is added to the Realm in server.xml, since the Realm is responsible for the redirect itself. In most cases, your top-level Realm will be the LockOutRealm. If you have nested Realms, you will need to add it to the relevant Realm declaration. If you don't have an existing Realm declared, the NullRealm is used by default. In this case, you will need to explicitly declare the NullRealm to add the attribute, or use the default LockOutRealm as in the example below.
Here is an example which forces the redirect to use a 301 status. Note this change goes into server.xml, not web.xml.
{{{
<Realm className="org.apache.catalina.realm.LockOutRealm" transportGuaranteeRedirectStatus="301">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" />
</Realm>
}}}
\\
At line 115 added 1 line.
At line 105 removed 1 line.
At line 108 removed 1 line.
[custom term papers|http://custom-paper-writing.com/]
navigation
metawerx specific
search
Share
tools
help

referring pages

Share