Hi there - I know this is basics and that's why I ask for simple tutorial instead of tens of pages of JAAS specs... How can I force my webapp to comunicate over SSL? I don't want (at leas at this moment) to use JAAS based authentication - just SSL connection security...
I've added
<security-constraint> <display-name>general SSL security</display-name> <web-resource-collection> <web-resource-name>all pages</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
<Connector port="8443" address="${jboss.bind.address}" maxThreads="100" strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true" scheme="https" secure="true" clientAuth="true" keystoreFile="${jboss.server.home.dir}/conf/test.keystore" keystorePass="opensource" sslProtocol = "TLS" />