Hi guys, I have a little problem with using SSL on a Tomcat that is behind Apache. I have used Google all morning to try to find a good solution, but nothing so far.
As a part of my SSL VirtualHost configuration I have
<Location /MyApp/>
ProxyPass http://localhost:8080/MyApp/
</Location>
This works fine for most cases, but j_security_check, after a successful login from https://mysite.com/MyApp, redirects to an HTTP page http://mysite.com/MyApp/secret.html instead of leaving it as an HTTPS page https://mysite.com/MyApp/secret.html. It's not only the login that's confidential, but the data that is being transmitted, so I need to keep it HTTPS. When I add to the application's security-constraints
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
it redirects to https://mysite.com:8443/MyApp/secret.html. I realize that it redirects to 8443 because server.xml has SSL configured to 8443, but since this is proxied through Apache, it should in fact be 443.
I realize I have no ProxyPassReverse, but that's not something I can add within a section of the Apache config file.
How can I force j_security_check to either redirect relative (so not change https to http) or to redirect to 443 instead of 8443? Is this something I should enforce via Tomcat or Apache's mod_proxy?
Cheers
Nik
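
The setup described above, as an added configuration example that is not part of the original post: Tomcat's HTTP connector can be told that it sits behind an HTTPS front end, so the redirects it builds use https and port 443 instead of http or 8443. The `address` binding and the assumption that only the SSL VirtualHost forwards to port 8080 are assumptions, not details from the post.

```xml
<!-- server.xml, BEFORE (as implied by the post): plain HTTP connector.
     Tomcat sees every proxied request as http on port 8080, builds
     redirects with the http scheme, and sends CONFIDENTIAL resources
     to redirectPort 8443. -->
<Connector port="8080" protocol="HTTP/1.1"
           redirectPort="8443" />

<!-- server.xml, AFTER (replaces the connector above; added example).
     proxyName/proxyPort: host and port Tomcat uses when it builds
                          absolute URLs such as redirect Location headers.
     scheme:              value returned by request.getScheme().
     secure:              makes request.isSecure() return true, so a
                          CONFIDENTIAL transport-guarantee counts as met
                          and no redirect to 8443 is issued.
     address:             assumption: Apache runs on the same host, so the
                          connector listens on loopback only. -->
<Connector port="8080" protocol="HTTP/1.1"
           address="127.0.0.1"
           proxyName="mysite.com"
           proxyPort="443"
           scheme="https"
           secure="true" />
```

With `secure="true"` Tomcat treats every request on this connector as already encrypted, so the connector must be reachable only from the Apache SSL VirtualHost. If a non-SSL VirtualHost also proxies to Tomcat, it should use a separate connector without these attributes.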