I'm using tomcat 7 and I would like to disable SSL traffic origination from localhost only! and enable it for inbound traffic.
I have added the following config to web.xml
and it's currently redirects traffic from http to https.
<security-constraint>
<web-resource-collection>
<web-resource-name>app</web-resource-name>
<url-pattern>/info</url-pattern>
</web-resource-collection>
<!-- OMIT auth-constraint -->
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>app</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Role</role-name>
</auth-constraint>
</security-constraint>
I have a custom backup tool on my server that doesn't work with HTTPs therefore I'm looking to disable HTPPs on localhost.
you can comment below line in your server.xml file.
<Connector port="8443" ... SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS" ... />
hope this will help !!
You can disable specific url just putting NONE on transport-guarantee tag, check Is security-constraint configuration for Tomcat mandatory?
<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/info/*</url-pattern>
<url-pattern>/info2/*</url-pattern>
<url-pattern>/info3/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.