This is possible by setting up a separate "Service" element in conf/server.xml.
For example, you have
    <Service name="Catalina">
      <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
      <Engine name="Catalina" defaultHost="insecure.example.com">
        <Host name="insecure.example.com" appBase="insecure"
              unpackWARs="true" autoDeploy="true">
        </Host>
      </Engine>
    </Service>
Now add an additional service section
    <Service name="SecureApps">
      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                 maxThreads="150" scheme="https" secure="true"
                 keystoreFile="/usr/local/tomcat/keys/keystore.p12"
                 keystorePass="mySecret" keystoreType="pkcs12"
                 clientAuth="false" sslProtocol="TLS" />
      <Engine name="SecureEngine" defaultHost="secure.example.com">
        <Host name="secure.example.com" appBase="secure"
              unpackWARs="true" autoDeploy="true">
        </Host>
      </Engine>
    </Service>
Thus the secure application won't be available via insecure connections, as the HTTP port is served by another service.
With regard to HTTP (8080) -> HTTPS (8443) redirection, there is probably a better way in such a configuration, but it is possible to set up a second "Host" section with name="secure.example.com" inside the "Catalina" service and deploy a web application containing a simple servlet that redirects any request it receives to the specified secure URL.
For example:
web.xml
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
             version="2.4">
      <display-name>Redirect to secure port</display-name>
      <description>
        This is a simple web application which redirects you to secure port
      </description>
      <servlet>
        <servlet-name>RedirectServlet</servlet-name>
        <servlet-class>com.mycompany.RedirectServlet</servlet-class>
      </servlet>
      <servlet-mapping>
        <servlet-name>RedirectServlet</servlet-name>
        <url-pattern>/*</url-pattern>
      </servlet-mapping>
    </web-app>
RedirectServlet.java
    // Package must match the servlet-class declared in web.xml.
    package com.mycompany;

    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;

    public class RedirectServlet extends HttpServlet {

        // Every request, whatever its path, is sent to the fixed secure URL.
        @Override
        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws IOException {
            String url = "https://secure.example.com:8443/";
            response.sendRedirect(url);
        }

        @Override
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws IOException {
            String url = "https://secure.example.com:8443/";
            response.sendRedirect(url);
        }
    }
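To confirm the separation described above, this added example (not part of the original answer) parses a server.xml and reports which appBase directories share a Service with a plaintext HTTP connector. The embedded XML is a constructed sample condensed from the two Service elements above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, condensed from the two Service elements shown above.
SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
    <Engine name="Catalina" defaultHost="insecure.example.com">
      <Host name="insecure.example.com" appBase="insecure" />
    </Engine>
  </Service>
  <Service name="SecureApps">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" />
    <Engine name="SecureEngine" defaultHost="secure.example.com">
      <Host name="secure.example.com" appBase="secure" />
    </Engine>
  </Service>
</Server>"""


def is_plaintext_http(connector):
    """True for an HTTP connector without SSLEnabled="true"; AJP is skipped."""
    protocol = connector.get("protocol", "HTTP/1.1")
    if "ajp" in protocol.lower():
        return False
    return connector.get("SSLEnabled", "false").lower() != "true"


def plaintext_exposure(server_xml):
    """Map each appBase to the plaintext ports of every Service that hosts it."""
    exposure = {}
    for service in ET.fromstring(server_xml).iter("Service"):
        ports = [int(c.get("port")) for c in service.iter("Connector")
                 if is_plaintext_http(c)]
        for host in service.iter("Host"):
            # Tomcat uses "webapps" when a Host has no appBase attribute.
            exposure.setdefault(host.get("appBase", "webapps"), set()).update(ports)
    return {app: sorted(p) for app, p in exposure.items()}


def violations(server_xml, must_be_tls_only):
    """appBase directories that must be HTTPS-only but have a plaintext port."""
    exposed = plaintext_exposure(server_xml)
    return {app: exposed[app] for app in must_be_tls_only if exposed.get(app)}


if __name__ == "__main__":
    print(plaintext_exposure(SERVER_XML))
    print(violations(SERVER_XML, ["secure"]))
```

A redirect-only Host named secure.example.com inside the "Catalina" service does not trip the check as long as its appBase differs from the secure one.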