强制使用HTTPS --- Tomcat篇

<!-- [if gte mso 9]><xml> <w:WordDocument> <w:View>Normal</w:View> <w:Zoom>0</w:Zoom> <w:PunctuationKerning/> <w:DrawingGridVerticalSpacing>7.8 磅</w:DrawingGridVerticalSpacing> <w:DisplayHorizontalDrawingGridEvery>0</w:DisplayHorizontalDrawingGridEvery> <w:DisplayVerticalDrawingGridEvery>2</w:DisplayVerticalDrawingGridEvery> <w:Compatibility> <w:SpaceForUL/> <w:BalanceSingleByteDoubleByteWidth/> <w:DoNotLeaveBackslashAlone/> <w:ULTrailSpace/> <w:DoNotExpandShiftReturn/> <w:AdjustLineHeightInTable/> <w:UseFELayout/> </w:Compatibility> <w:DoNotOptimizeForBrowser/> </w:WordDocument> </xml><![endif]-->

1. 让 tomcat 能使用 https

A. 在运行命令 JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg
RSA -keystore C:/Tomcat /GMAE3.0Tomcat/tomcat .keystore
这样就生成了密钥库，将密钥库放到合适的地方（任意地方都可以）

B. 打开 tomcat 目录下的 server.xml 文件并找到关于 ssl 的相关 段

<!-- Define a SSL HTTP/1.1 Connector on port 8443 --> <!-- <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> -->

C. 去掉注释，添 keystoreFile="C:/Tomcat /GMAE3.0Tomcat/tomcat .keystore"
keystorePass="tomcat " 的属性
改动完成后配置为 :

Java 代码

1. <Connectorport="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme=" https " secure="true" clientAuth="false" keystoreFile="C:/ Tomcat /GMAE3.0Tomcat/ tomcat .keystore" keystorePass=" tomcat " sslProtocol="TLS" />

D. 然后重启 tomcat 就能使用 HTTPS 访 问

2. 强制 https 访问

在 tomcat /conf/web.xml 中的 </welcome- file-list> 后面加上这

<login-config> <!-- Authorization setting for SSL --> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</realm-name> </login-config> <security-constraint> <!-- Authorization setting for SSL --> <web-resource-collection > <web-resource-name >SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>

 









<transport-guarantee>CONFIDENTIAL</transport-guarantee
完成以上步骤后，在浏览器中输入http的访问地址也会自动转换为https了

 









</user-data-constraint>

 









</security-constraint>