http://flysky7931.iteye.com/blog/305074
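
A few days ago a client asked that the relevant projects in Tomcat be accessed only over HTTPS, so I looked into it. The specific steps are written down here.

There are two main steps: make Tomcat able to use HTTPS, then force access over HTTPS.

1. Make Tomcat able to use HTTPS

  A. Run the command:

    JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore

  This generates the certificate. Put the certificate in a suitable place (anywhere will do).

  B. Open the server.xml file in the Tomcat directory and find the SSL-related section:
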
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <!--<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" />-->

  C. Remove the comment markers and add the attributes keystoreFile="C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore" and keystorePass="tomcat".

  After the change the configuration is:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false"
               keystoreFile="C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore"
               keystorePass="tomcat" sslProtocol="TLS" />

  D. Then restart Tomcat, and it can be accessed over HTTPS.

2. Force HTTPS access

  In tomcat\conf\web.xml, add the following section after </welcome-file-list>:

    <login-config>
        <!-- Authorization setting for SSL -->
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Client Cert Users-only Area</realm-name>
    </login-config>
    <security-constraint>
        <!-- Authorization setting for SSL -->
        <web-resource-collection>
            <web-resource-name>SSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

After completing the steps above, an http address entered in the browser is also automatically converted to https.