Home/ Questions/Q 488011
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T01:39:49+00:00

Can I set Tomcat (or my webapp if it’s done that way) to require

  • 0

Can I set Tomcat (or my webapp if it’s done that way) to require SSL for confidentiality of the built-in Form-Based Login mechanism?

i.e. to protect the users credentials, and use standard http for any other transactions?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can put your login forms in its own directory and just require SSL for the directory,

    <security-constraint>
  <display-name>Login Pages</display-name>
  <web-resource-collection>
     <web-resource-name>Login</web-resource-name>
     <url-pattern>/login/*</url-pattern>
     <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

    Make sure your login form is in this path,

    <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login/form_login.jsp</form-login-page>
    <form-error-page>/login/error.jsp</form-error-page>
  </form-login-config>
</login-config>

    Of course, you need to have a SSL connector setup on your Tomcat.

    • 0