Knowledgebase:
How to Force HTTPS Connections in Workflow or Webmail
Posted by Aly Essa, Last modified by Jeyram Sachchithananthan on 18 August 2022 05:08 PM

Overview

When a connection comes in to the Tomcat Web Server, it can be directed to use an HTTPS socket rather than a non-secure HTTP socket. Tomcat can enforce HTTPS either for the Workflow or Webmail deployment only (an application-wide rule) or for every application on the server (a server-wide rule).

This article discusses how to redirect connections to HTTPS using the Tomcat Web Server. It is not necessary to use both a server-wide rule and an application-wide rule.


Environment

FileCatalyst Workflow v4.9 and later.

FileCatalyst Webmail v4.9 and later.

Tomcat Web Server v7.0 and later.

 

Resolution

Server Wide Rule:

  1. Shut down the Tomcat Web Server Service.
  2. Locate the server-wide web.xml file at /<Tomcat Root>/conf/web.xml.
  3. Edit the file web.xml and add the following to the end of the file just before the </web-app> tag:

    <!-- redirect all traffic to the SSL port -->
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Automatic SSL Forwarding</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

  4. Save the file and restart the Tomcat Web Server for the changes to take effect.

Application Wide Rule:

  1. Shut down the Tomcat Web Server Service.
  2. Locate the web.xml file for the Workflow or Webmail deployment at /<Tomcat Root>/webapps/workflow/WEB-INF/web.xml or /<Tomcat Root>/webapps/fcweb/WEB-INF/web.xml.
  3. Edit the file web.xml and add the following to the end of the file just before the </web-app> tag:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <!-- auth-constraint goes here if you require authentication -->
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

  4. Save the file and restart the Tomcat Web Server for the changes to take effect.

Set Redirect Port for Tomcat:

Any HTTP connection to your FileCatalyst Webmail or Workflow deployment will be redirected to HTTPS using the redirectPort set on the Connector in server.xml.
Default installations of Tomcat have this redirectPort set to 8443. If this is not the HTTPS port you are using, you will need to update server.xml accordingly.
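
The check below is an added example, not part of the original article or the FileCatalyst product. It parses a web.xml and a server.xml and reports any HTTP Connector whose redirectPort does not match a TLS-enabled Connector. The sample XML is constructed, the function names are hypothetical, and it assumes Tomcat terminates TLS itself rather than a proxy in front of it.

```python
import xml.etree.ElementTree as ET

# Constructed sample files for illustration (not from a real deployment).
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>"""

WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Context</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def texts(elem, name):
    """Text of every descendant whose tag, ignoring any XML namespace, is `name`."""
    return [e.text.strip() for e in elem.iter()
            if e.tag.rsplit("}", 1)[-1] == name and e.text]

def forces_https(web_xml):
    """True if some security-constraint on /* demands CONFIDENTIAL transport."""
    root = ET.fromstring(web_xml)
    return any("/*" in texts(sc, "url-pattern")
               and "CONFIDENTIAL" in texts(sc, "transport-guarantee")
               for sc in root.iter() if sc.tag.rsplit("}", 1)[-1] == "security-constraint")

def redirect_mismatches(server_xml):
    """(port, redirectPort) of non-TLS connectors that point at no TLS connector."""
    conns = list(ET.fromstring(server_xml).iter("Connector"))
    is_tls = lambda c: c.get("SSLEnabled", "false").lower() == "true"
    tls_ports = {c.get("port") for c in conns if is_tls(c)}
    return [(c.get("port"), c.get("redirectPort")) for c in conns
            if not is_tls(c) and c.get("redirectPort") not in tls_ports]

if __name__ == "__main__":
    print("web.xml forces HTTPS:", forces_https(WEB_XML))
    for port, target in redirect_mismatches(SERVER_XML):
        print(f"Connector {port}: redirectPort={target} is not a TLS connector port")
```

In the constructed sample the HTTPS Connector listens on 443 while the HTTP Connector still carries the default redirectPort of 8443, so the mismatch is reported for port 8080.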

Note:

If you modify the application-specific web.xml, you will have to re-insert this code every time you upgrade, because the upgrade procedure requires deleting the entire webapp folder, including the WEB-INF/web.xml file.