How do you start a java servlet over https?

Question

I am trying to run a servlet on tomcat in eclipse. When i do run on server, the servlet runs and provides me with a link like follows:

\"http://localhost:8443/AuthServe

Answer 1

If I understand your problem correctly, you are publishing a URL for http from a web page served by your servlet.
If you need to change the request to be https instead you should redirect your plain http connector (in port 80 or 8080 where you have it) to connector for port 443.
If you google tomcat redirect http to https you wil find plenty of links e.g. redirect tomcat to https

But I would recomend that you did not redirect if you are interested in real security

Answer 2

In TOMCAT_HOME/conf folder, there’s a file named web.xml. In there, you have to add a security-constraint element.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>secured page</web-resource-name>
        <url-pattern>/...</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Make sure that <url-pattern> matches your path that you want to be secured.

Answer 3

If you want to be sure to use the https protocol when you send request to that servlet you need to change the WEB-INF/web.xml file in your web application. In your case add this configuration params:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>AuthServer</web-resource-name>
        <url-pattern>/Server</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>