I have a single war cuba application deployed to Tomcat 8. The server is already SSL-enabled and configured. I want to force all access to my application to run over HTTPS. I tried adding this to my modules/web/WEB-INF/web.xml file:
<security-constraint> <web-resource-collection> <web-resource-name>prm</web-resource-name> <url-pattern>/prm/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
However, I can still access my application using HTTP (www.mysite.com/prm/). It does not indicate redirection to HTTPS.
I also tried changing the url-pattern “/prm/*” to “/*”. No difference. I can still access via HTTP.
What is the correct way to force HTTPS access on Tomcat 8 for a Cuba app?