I'd like to embed a link to a secure page of my application in one of my unsecure pages. The secure tomcat port is configured in the server.xml file. In some deployments it's 443, 8443 etc. So what I need is a way to read the secure port from tomcat configuration to use it in the link. Is that possible?

Alternatively, simply getting access to the server.xml configuration (from within the context of the request) and parsing it myself to figure out the port number is also acceptable, but less desired.

I realize there could be several connectors, and several secure ones, so I'll leave it to my program's logic to decide which one to choose. Problem is - how do I get that info?

Thanks!

+1  A: 

The most simple solution is probably to search for the server.xml file in the init() method of a servlet, parse it and store the port number somewhere. The servlet should be auto-loaded.

Another option would be to put this code into your build script and copy the value into the web.xml file at build time. But that means that you must have the same Tomcat installed locally or you must have remote access to the server.xml file.

I prefer the first solution since you can have the servlet fail early and the webapp won't come up if the port can't be determined. That way, you won't have a mysterious error at some unspecified time in the future and you won't need to waste time during each request (the port number can't change without a restart of Tomcat).

Aaron Digulla
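
The first approach from the answer above, as an added example that is not part of the original post: parse server.xml once and collect the ports of the connectors marked secure. The class name `SecurePortFinder`, the method `securePorts` and the inline sample configuration are constructed for illustration; the sketch assumes connectors declare `SSLEnabled="true"` or `secure="true"` and that server.xml sits under `catalina.base`.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SecurePortFinder {

    /** Returns the ports of all connectors with SSLEnabled="true" or secure="true". */
    static List<Integer> securePorts(InputStream serverXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // server.xml is operator-controlled, but harden the parser anyway:
        // secure processing on, DOCTYPE declarations (and so external entities) rejected.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList connectors =
                f.newDocumentBuilder().parse(serverXml).getElementsByTagName("Connector");
        List<Integer> ports = new ArrayList<>();
        for (int i = 0; i < connectors.getLength(); i++) {
            Element c = (Element) connectors.item(i);
            boolean secure = "true".equalsIgnoreCase(c.getAttribute("SSLEnabled"))
                    || "true".equalsIgnoreCase(c.getAttribute("secure"));
            if (secure) {
                // Throws NumberFormatException on a missing or non-numeric port.
                ports.add(Integer.parseInt(c.getAttribute("port")));
            }
        }
        return ports;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample. In a servlet's init(), open the file at
        // Paths.get(System.getProperty("catalina.base"), "conf", "server.xml") instead.
        String sample = "<Server><Service name=\"Catalina\">"
                + "<Connector port=\"8080\" protocol=\"HTTP/1.1\" redirectPort=\"8443\"/>"
                + "<Connector port=\"8443\" protocol=\"HTTP/1.1\" SSLEnabled=\"true\""
                + " scheme=\"https\" secure=\"true\"/>"
                + "</Service></Server>";
        List<Integer> ports = securePorts(
                new ByteArrayInputStream(sample.getBytes(StandardCharsets.UTF_8)));
        if (ports.isEmpty()) {
            // Fail early: in init(), throw ServletException so the webapp does not start.
            throw new IllegalStateException("no secure connector in server.xml");
        }
        System.out.println(ports);
    }
}
```

A port written as a `${...}` property placeholder makes `Integer.parseInt` throw, which also stops startup. A connector that sets `secure="true"` without `SSLEnabled` usually sits behind a TLS-terminating proxy, so its port is not necessarily the one clients should be sent to.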
+2  A: 

I'm pretty sure there's no API for that. You could probably keep it configurable via a servlet environ parameter in web.xml. The obvious drawback is you now have 2 places the SSL port number is configured.

Another approach is to configure security in web.xml iirc something like

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>MyLoginPage</web-resource-name>
            <url-pattern>/login</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

You can just use normal links to the login page, and tomcat should automatically send redirects to the ssl connector, whichever port that is configured to.

nos
I think the security constraint configuration is the best way to force a page to use ssl. If we are not forcing a page to use ssl using security constraint the users will be able to replace the https protocol with http and use it without ssl.
Arun P Johny
+1 for CONFIDENTIAL protection
Thorbjørn Ravn Andersen