强制使用HTTPS --- Tomcat篇

 

1.让tomcat能使用https

  A.在运行命令JAVA_HOME/bin/keytool-genkey -alias tomcat -keyalg 
    RSA  -keystore     C:/Tomcat/GMAE3.0Tomcat/tomcat.keystore
    这样就生成了密钥库，将密钥库放到合适的地方（任意地方都可以）

  B.打开tomcat目录下的server.xml文件并找到关于ssl的相关 段
   

<!-- Define a SSL HTTP/1.1 Connector on port 8443 --> <!-- <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> --> 

  C.去掉注释，添keystoreFile="C:/Tomcat/GMAE3.0Tomcat/tomcat.keystore"
  keystorePass="tomcat"的属性
  改动完成后配置为:
 

Java 代码

1. <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"   maxThreads="150" scheme="https" secure="true" clientAuth="false" keystoreFile="C:/Tomcat/GMAE3.0Tomcat/tomcat.keystore" keystorePass="tomcat" sslProtocol="TLS" />  

  D.然后重启tomcat就能使用HTTPS访问

2.强制https访问

  在tomcat/conf/web.xml中的</welcome- file-list>后面加上这

<login-config> <!-- Authorization setting for SSL --> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</realm-name> </login-config> <security-constraint> <!-- Authorization setting for SSL --> <web-resource-collection > <web-resource-name >SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>

          <transport-guarantee>CONFIDENTIAL</transport-guarantee完成以上步骤后，在浏览器中输入http的访问地址也会自动转换为https了

      </user-data-constraint>

  </security-constraint>