have a misunderstanding what's going on with Tomcat!
I have my app deployed as ROOT.war on Tomcat. Have one URL that I want to be reached only via SSL.
Tomcat process this URL good:
http://localhost:443/securedUrl
and don't process this URL:
https: //localhost/securedUrl
Why?
A piece of $CATALINA_HOME/conf/server.xml:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<Connector port="443"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="true"
disableUploadTimeout="true"
acceptCount="100"
debug="0"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="/webapps/ROOT/myapp.keystore.bin"
keystorePass="lalala" />
A piece of $CATALINA_HOME/webapps/ROOT/WEB-INF/web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>secured_postbacks</web-resource-name>
<url-pattern>/securedUrl</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
HTTP can happily run on port 443. HTTPS is not HTTP - it's HTTP over TLS or SSL - and it can happily run on port 80.
They're simply not the same: http://localhost:443/securedUrl and https://localhost/securedUrl do not point to the same resource.