Information
Use the transport-guarantee attribute to ensure SSL protection when accessing all applications. This can be overridden on a per application basis in the application configuration.
Rationale:
By default, when accessing applications SSL will be enforced to protect information sent over the network. By using the transport-guarantee attribute within web.xml, SSL is enforced.
Note: This requires SSL to be configured.
Solution
Set transport-guarantee to CONFIDENTIAL in $CATALINA_HOME/conf/web.xml:
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
<user-data-constraint>
Impact:
If the data protection level is set to INTEGRAL or CONFIDENTIAL, and the client is not already using SSL, then the client is redirected to the same URI, but using port 443 or the port defined for the redirectPort attribute in the <Connector> element in server.xml.
Default Value:
By default this configuration is not present.
References:
https://www.owasp.org/index.php/Securing_tomcat