2016-06-13

Misc settings with Tomcat

Force HTTPS connections

In conf/web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL Content</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Disable JSESSIONID/CSRF URL rewrite

In conf/web.xml:
<session-config>
   <tracking-mode>COOKIE</tracking-mode>
</session-config>
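
An added example (not part of the original post): a small Python check that parses a web.xml and reports whether the two settings above are actually in effect. It also catches the HTTPS constraint being narrowed by http-method elements and URL still being listed as a tracking mode. The function name audit_web_xml and the sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # Drop the "{namespace}" prefix so Java EE and Jakarta EE descriptors both match.
    return tag.rsplit("}", 1)[-1]

def _kids(elem, *names):
    return [c for c in elem if _local(c.tag) in names]

def _texts(elem, name):
    return [(c.text or "").strip() for c in elem.iter() if _local(c.tag) == name]

def audit_web_xml(xml_text):
    """Return a list of findings; an empty list means both settings are in place."""
    root = ET.fromstring(xml_text)
    findings = []
    # HTTPS: a CONFIDENTIAL constraint on /* that is not narrowed to some HTTP
    # methods (http-method / http-method-omission leave other requests uncovered).
    forced = False
    for sc in _kids(root, "security-constraint"):
        if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            continue
        for wrc in _kids(sc, "web-resource-collection"):
            narrowed = _kids(wrc, "http-method", "http-method-omission")
            if "/*" in _texts(wrc, "url-pattern") and not narrowed:
                forced = True
    if not forced:
        findings.append("no CONFIDENTIAL constraint covering /* for all methods")
    # Session tracking: COOKIE must be the only mode listed; URL alongside it, or no mode at all, is reported.
    modes = [m for sc in _kids(root, "session-config") for m in _texts(sc, "tracking-mode")]
    if modes != ["COOKIE"]:
        findings.append("tracking-mode is %s, expected only COOKIE" % (modes or "unset"))
    return findings

# Constructed sample descriptors (not taken from a real deployment).
NS = 'xmlns="http://xmlns.jcp.org/xml/ns/javaee"'
GOOD = f"""<web-app {NS}>
  <security-constraint><web-resource-collection><web-resource-name>SSL Content</web-resource-name>
    <url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <session-config><tracking-mode>COOKIE</tracking-mode></session-config>
</web-app>"""
WEAK = (GOOD.replace("</url-pattern>", "</url-pattern><http-method>POST</http-method>")
            .replace("</tracking-mode>", "</tracking-mode><tracking-mode>URL</tracking-mode>"))

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_web_xml(doc) or "ok")
```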
