Configuring HTTPS access in Tomcat

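To force HTTPS access to the projects deployed in Tomcat, the concrete steps are written down here. There are two main steps: make Tomcat able to use HTTPS, then force HTTPS access.

1. Make Tomcat able to use HTTPS

A. Run the command

JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore

This generates the certificate. Put the certificate in a suitable place (anywhere will do).

B. Open the server.xml file under the Tomcat directory and find the SSL-related section: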


<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<!--<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />-->



C. Remove the comment markers and add the attributes keystoreFile="C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore" and keystorePass="tomcat".

After the change, the configuration is:


<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" keystoreFile="C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore" keystorePass="tomcat" sslProtocol="TLS" />


D. Restart Tomcat, after which it can be accessed over HTTPS.

2. Force HTTPS access

In tomcat\conf\web.xml, add the following section after </welcome-file-list>:


<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>




After completing the steps above, an http address entered in the browser is automatically converted to https.
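
The following Python check is an added example, not code from the original post: it parses a server.xml and web.xml modelled on the settings above and reports a guessable keystorePass, an HTTP connector whose redirectPort does not point at a TLS connector (the http-to-https conversion depends on it), and a missing CONFIDENTIAL constraint on /*. The port-8080 connector, the password list and the finding names are assumptions, and only the JSSE attribute style used here is covered.

```python
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the page's settings (not real files).
# The port-8080 connector is an assumption: the page does not show it.
SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore"
             keystorePass="tomcat" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""
GUESSABLE = {"tomcat", "changeit", "password", ""}  # illustrative list

def named(root, name):
    """All elements with this local tag name, ignoring XML namespaces."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(root, name):
    return [(e.text or "").strip() for e in named(root, name)]

def audit(server_xml, web_xml):
    """Return finding codes (names made up for this example)."""
    findings = []
    connectors = named(ET.fromstring(server_xml), "Connector")
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    # A missing keystorePass means Tomcat falls back to "changeit".
    if any(c.get("keystorePass", "") in GUESSABLE for c in tls):
        findings.append("guessable-keystorePass")
    for c in connectors:
        plain = c not in tls and not c.get("protocol", "").startswith("AJP")
        # Assumption: 443 is Tomcat's default redirectPort when omitted.
        if plain and c.get("redirectPort", "443") not in tls_ports:
            findings.append("redirect-misses-tls-connector")
    forced = any(
        "/*" in texts(sc, "url-pattern")
        and "CONFIDENTIAL" in texts(sc, "transport-guarantee")
        for sc in named(ET.fromstring(web_xml), "security-constraint"))
    if not forced:
        findings.append("no-confidential-constraint")
    return findings
```

Run against the configuration shown on this page, audit(SERVER_XML, WEB_XML) flags only the keystore password.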