I have a problem with my Tomcat server.
When I access my site on http:// beluka.net I get a security warning, which I want to go away. I rather want to redirect the user to https:// www.beluka.net. I guess the problem is my security constraint in the web.xml file which makes http://beluka.net redirect to https://beluka.net
<security-constraint>
<web-resource-collection>
<web-resource-name>ROOT</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I also have a working rewrite rule which redirects all non-www-traffic to www-traffic which works fine, but the problem is my rewrite rule is just followed after I accept the security warning.
How can I open a "hole" in the web.xml security constraint for http:// beluka.net ?
my rewrite rule (using tuckey) is
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN"
"http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd">
<!--
Configuration file for UrlRewriteFilter
http://www.tuckey.org/urlrewrite/
-->
<urlrewrite>
<rule>
<name>Primary Domain Name Check</name>
<condition name="host" operator="notequal">www.beluka.net</condition>
<from>^(.*)</from>
<to type="permanent-redirect">https://www.beluka.net$1</to>
</rule>
</urlrewrite>
There are several ways to do this.
One would be to create a new virtual host for beluka.net and deploy a trivial web application that redirects every request to www.beluka.net. That way requests to http://beluka.net will be redirected to http://www.beluka.net and then to https://www.beluka.net and you won't get the mis-matched host warning.
An alternative way would be to re-order your certificate with a SAN for beluka.net. That way your certificate will be valid for beluka.net and www.beluka.net
There are probably other ways to do this too.