For Tomcat to perform a redirect, you need to configure it with one or more security constraints. You can do this by post-processing the Context
using a TomcatEmbeddedServletContainerFactory
subclass.
For example:
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
Due to CONFIDENTIAL
and /*
, this will cause Tomcat to redirect every request to HTTPS. You can configure multiple patterns and multiple constraints if you need more control over what is and is not redirected.
An instance of the above TomcatEmbeddedServletContainerFactory
subclass should be defined as a bean using a @Bean
method in a @Configuration
class.