KEYCLOAK-812: Remove confidential transport from auth server we.xml and

documentation.
2014-11-03 09:36:55 -05:00 · 2014-11-03 09:36:55 -05:00 · 6c02510b92
commit 6c02510b92
parent 7408600f94
2 changed files with 0 additions and 35 deletions
--- a/docbook/reference/en/en-US/modules/server-installation.xml
+++ b/docbook/reference/en/en-US/modules/server-installation.xml
@ -702,27 +702,6 @@ keycloak-war-dist-all-&project.version;/

            </section>

-            <section>
-                <title>Enforce HTTPS For Server Connections</title>
-                <para>
-                    Servlet containers can force browsers and other HTTP clients to use HTTPS.  You have to configure this in
-                    <literal>.../standalone/deployments/auth-server.war/WEB-INF/web.xml</literal>.  All you have to do is
-                    uncomment out the security constraint.
-                </para>
-                <para>
- <programlisting><![CDATA[<web-app>
- ...
-       <security-constraint>
-           <web-resource-collection>
-               <url-pattern>/*</url-pattern>
-           </web-resource-collection>
-           <user-data-constraint>
-               <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-           </user-data-constraint>
-       </security-constraint>
-</web-app>]]></programlisting>
-                </para>
-            </section>
        </section>

    </section>
--- a/server/src/main/webapp/WEB-INF/web.xml
+++ b/server/src/main/webapp/WEB-INF/web.xml
@ -49,18 +49,4 @@
        <servlet-name>Keycloak REST Interface</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
-
-    <!--
-
-    <security-constraint>
-        <web-resource-collection>
-            <url-pattern>/*</url-pattern>
-        </web-resource-collection>
-        <user-data-constraint>
-            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-        </user-data-constraint>
-    </security-constraint>
-    -->
-
-
 </web-app>