All works as it should accoring to your configuration
If you want you application only be accessable via SSL and redireceted to it if not, you should add
to you web.xml
Well, then I have to introduce a web.xml. So far i have managed without - like the "getting started" tutorials that comes with AS7. According to these, the web.xml is not required for Java EE 6 applications.
Then just add security constraint annotations.
web.xml is optional but for some fine tuning it is still useful
You could probably add something like this to your bean
but it is easier to configure it app wide in web.xml
take a look at https://blogs.oracle.com/swchan/entry/follow_up_on_servlet_3 for more information about this.
also you can remove/disable http connector that serves non ssl requests, that way you will make sure no non-ssl requests are ever processed
Thank you for your help! It was much needed
I could get the annotation to work, but I managed to get a web.xml constructed. A couple of notes:
- I can't figure out what the parameter "redirect" is use to in the connector configuration of the subsystem if not redirecting
- I understand the argument about "fine tuning" the application in the web.xml. What I don't understand is why the application can't be configured in the container alone. The web.xml is "just" a descriptor file, but it is still wrapped in the deployable