7 Replies Latest reply on Feb 7, 2002 8:14 AM by statei

    SSL Redirection with Bundle

    tclouser

      All,

      I have successfully configured the JBoss 2.4.4 + Tomcat 4.0.1 Bundle to use SSL on my WinNT box (both SSL and non-SSL ports working). But I have not found a way to get the EmbeddedCatalinaServiceSX MBean to do port redirection (which means, if I request a web application resource which has a <transport-guarantee> of CONFIDENTIAL over http, it should redirect the request to https).

      With tomcat standalone, this is handled by including the "redirectPort" attribute on the non-ssl connection definition.

      Has anyone been able to get port redirection to work?

      TIA,

      TC.

      PS There is a lengthy discussion of this on the mailing list at sourceforge if you desire more details.

        • 1. Re: SSL Redirection with Bundle
          coetmeur

          I've tried to solve your kind of problem,
          i.e. to have an HTTP catalina connector that
          automatically redirects to an HTTPS
          catalina connector, whenever the
          web-app/security-constraint/
          user-data-constraint/transport-guarantee
          is set to CONFIDENTIAL or INTEGRAL

          I have patched the catalina MBean so that it supports
          a redirectPort parameter...

          I have 2 similar pairs of HTTP/HTTPS connectors,

          the first pair associates the usual HTTP
          connector, configured as usual, with a redirectport
          to a connector configured in a "Config" XML attribute...

          the second pair of connectors is configured purely
          in the Config XML attribute, the HTTP connector pointing
          to the HTTPS connector

          each of the 4 connectors works perfectly,
          except that the redirection HTTP->HTTPS
          when transport-guarantee is CONFIDENTIAL
          does not work at all...

          I'm investigating further,
          but I'm afraid this is a catalina problem...
          maybe something about the "Embedded" class
          which is not used by default on standalone tomcat4...

          my jboss.jcml contains:

          <!-- Embedded Tomcat 4.x - JBossSX SecurityDomain (JaasSecurityDomain) -->

          ../conf/tomcat.jks
          changeit

          <!-- Uncomment to add embedded catalina service -->

          80
          http
          443
          999

          my web.xml contains

          <web-app>
            <welcome-file-list>
              <welcome-file>index.jsp</welcome-file>
              <welcome-file>Login_utilisateur.jsp</welcome-file>
            </welcome-file-list>
            <!-- MUST be placed before the ejb-ref elements... the order matters !!! -->
            <security-constraint>
              <web-resource-collection>
                <web-resource-name>protected-lilafinance</web-resource-name>
                <url-pattern>/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
              </web-resource-collection>
              <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
              </user-data-constraint>
            </security-constraint>
          ...

          • 2. Re: SSL Redirection with Bundle
            tclouser

            The answer...

            you have to configure the support of HTTPS URL...
            ie add to jboss.properties the line:
            #JSSE https URL support
            java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol


            A big thanks to Alain Coetmeur for nailing this one.

            TC

            • 3. Re: SSL Redirection with Bundle
              bchi49

              The redirect from non-secured port 8080 to secured port 8443 does not work. I got this exception:

              [INFO,EmbeddedCatalinaServiceSX] StandardHost[localhost]: MAPPING configuration error for request URI
              [ERROR,EmbeddedCatalinaServiceSX] HttpProcessor[8080][4] process.invoke
              java.lang.NullPointerException
              at org.apache.catalina.valves.ErrorDispatcherValve.status(ErrorDispatcherValve.java:280)
              at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:180)
              at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
              at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
              at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
              at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
              at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
              at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
              at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
              at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
              at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
              at java.lang.Thread.run(Thread.java:484)

              • 4. Re: SSL Redirection with Bundle
                coetmeur

                BINGO, it works !!!!

                the solution seems strange, but setting
                catalina to debuglevel=2 helped much...

                the problem was that https URLs
                were not supported by the URL class ...
                the solution is written in the JSSE doc:
                just add this to jboss.properties
                or add the equivalent
                -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
                option


                #JSSE
                #https URL support
                java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol

                By the way, note that, as usual, a space at the end of a line
                in a property file is important...
                it has caused me problems 3 times and I've lost hours on such subtleties...

                • 5. Re: SSL Redirection with Bundle
                  coetmeur

                  I can't figure out what the problem is but, as it works for
                  me, this can be a minor error...

                  JSSE installation is not trivial:
                  - one has to add the JSSE provider
                  in jre/lib/security/java.security
                  I have this in mine... (jsse and jce)
                  #
                  # List of providers and their preference orders (see above):
                  #
                  security.provider.1=sun.security.provider.Sun
                  security.provider.2=com.sun.rsajca.Provider
                  #added for jsse
                  security.provider.3=com.sun.net.ssl.internal.ssl.Provider
                  #added for jce
                  security.provider.4=com.sun.crypto.provider.SunJCE

                  -the other problem is the one I've cited
                  earlier (the HTTPS URL handler to configure),
                  but I think you have used the trick...

                  however the message I see seems to accuse
                  the web.xml (or application.xml in a .ear)
                  deployment file...

                  try to put jboss in debug mode,
                  this triggers the catalina debugLevel#2
                  which will give you much more info...

                  note that I've also added a patch to control
                  catalina debuglevel from the jboss.jcml...
                  I should publish my changes soon...

                  hope this helps



                  >The redirect from non-secured port 8080
                  > to secured port 8443 does not work. I got this exception:
                  >[INFO,EmbeddedCatalinaServiceSX] StandardHost[localhost]: MAPPING configuration error for request URI
                  >[ERROR,EmbeddedCatalinaServiceSX] HttpProcessor[8080][4] process.invoke
                  >java.lang.NullPointerException
                  >at org.apache.catalina.valves.ErrorDispatcherValve.status(ErrorDispatcherValve.java:280)
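
Added example (not part of the original thread): a small Python lint for the two configuration pitfalls raised in replies 4 and 5, a property value that ends in whitespace (java.util.Properties keeps it as part of the value) and a gap in the security.provider.N numbering (the Sun JDK reads the list from 1 and stops at the first missing number). The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed samples modelled on the thread, each with one deliberate fault.
JBOSS_PROPERTIES = (
    "#JSSE https URL support\n"
    # fault: one space after the value
    "java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol \n"
)
JAVA_SECURITY = (
    "security.provider.1=sun.security.provider.Sun\n"
    "security.provider.2=com.sun.rsajca.Provider\n"
    "#added for jsse\n"
    # fault: number 3 is skipped
    "security.provider.4=com.sun.net.ssl.internal.ssl.Provider\n"
)

# key, then '=' or ':', then the value; comment lines (# or !) do not match
_LINE = re.compile(r"^[ \t]*([^=:#!\s][^=:\s]*)[ \t]*[=:][ \t]*(.*)$")

def parse(text):
    """Yield (lineno, key, value) for plain key=value lines.

    Simplified subset of the java.util.Properties format (no escapes or
    continuation lines). As in Java, whitespace after the value is kept.
    """
    for n, line in enumerate(text.splitlines(), 1):
        m = _LINE.match(line)
        if m:
            yield n, m.group(1), m.group(2)

def trailing_whitespace(text):
    """Return (lineno, key) for values that end in whitespace."""
    return [(n, k) for n, k, v in parse(text) if v != v.rstrip()]

def unreachable_providers(text):
    """Return (number, class) for provider entries that follow a numbering gap."""
    found = {}
    for _, k, v in parse(text):
        m = re.fullmatch(r"security\.provider\.(\d+)", k)
        if m:
            found[int(m.group(1))] = v.strip()
    n = 1
    while n in found:      # walk 1, 2, ... until the first missing number
        n += 1
    return sorted((i, cls) for i, cls in found.items() if i > n)

if __name__ == "__main__":
    for n, k in trailing_whitespace(JBOSS_PROPERTIES):
        print(f"jboss.properties:{n}: value of {k} ends in whitespace")
    for i, cls in unreachable_providers(JAVA_SECURITY):
        print(f"java.security: provider {i} ({cls}) follows a gap")
```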

                  • 6. Re: SSL Redirection with Bundle
                    bchi49

                    Actually it works for me for redirecting from port 8080 to 8443 if I type in the default login page configured in the web.xml on the URL. E.g. if I type URL "http://localhost:8080/secured/login.jsp" it'll redirect to "https://localhost:8443/secured/login.jsp", but if I type in only "http://localhost:8080/secured/" then the server throws that null pointer exception. But if I were to use the default ports such as 80 and 443 then both cases work fine.
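
Added example (not part of the original thread): a Python check that a plain-HTTP request for a CONFIDENTIAL resource was answered with a redirect to the HTTPS connector on the configured redirect port, applied to the two URLs from the post above. The function names, the recorded responses and the report.jsp path are constructed; the 500 status is an assumption standing in for the request that ended in the NullPointerException.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed observations: (request URL, status, Location header).
# The first two mirror the cases in the post; the third is a constructed
# misconfiguration where the redirect stays on plain HTTP.
OBSERVED = [
    ("http://localhost:8080/secured/login.jsp", 302,
     "https://localhost:8443/secured/login.jsp"),
    ("http://localhost:8080/secured/", 500, None),
    ("http://localhost:8080/secured/report.jsp", 302,
     "http://localhost:8080/secured/login.jsp"),
]

def check_redirect(request_url, status, location, redirect_port):
    """Return the problems with one response to a plain-HTTP request
    for a resource whose transport-guarantee is CONFIDENTIAL."""
    if status not in REDIRECT_CODES:
        return [f"status {status} is not a redirect"]
    if not location:
        return ["redirect has no Location header"]
    req, loc = urlsplit(request_url), urlsplit(location)
    problems = []
    if loc.scheme != "https":
        problems.append(f"target scheme is {loc.scheme!r}, not 'https'")
    if loc.hostname != req.hostname:
        problems.append(f"target host changed to {loc.hostname!r}")
    # An https URL without an explicit port means 443.
    if loc.scheme == "https" and (loc.port or 443) != redirect_port:
        problems.append(f"target port is {loc.port or 443}, not {redirect_port}")
    if (loc.path, loc.query) != (req.path, req.query):
        problems.append("target path or query differs from the request")
    return problems

def audit(observations, redirect_port):
    """Map each request URL to its list of problems (empty list = pass)."""
    return {url: check_redirect(url, status, loc, redirect_port)
            for url, status, loc in observations}

if __name__ == "__main__":
    for url, problems in audit(OBSERVED, 8443).items():
        print("PASS" if not problems else "FAIL", url, "; ".join(problems))
```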

                    • 7. Re: SSL Redirection with Bundle
                      statei

                      bchi49,
                      Check this one, it might help you
                      http://main.jboss.org/thread.jsp?forum=49&thread=7762

                      Iulian