偶尔晴天

<?xml version="1.0" encoding="UTF-8"?>
<!-- File to modify: tomcat/conf/server.xml -->
<Server port="8010" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  
  <Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
    
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" 
               scheme="https" secure="true" 
               keystoreFile="path to the SSL certificate file" 
               keystorePass="password of the SSL certificate file" 
               clientAuth="false" />
    
    <Engine name="Catalina" defaultHost="your-domain-name">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      </Realm>

      <Host name="your-domain-name" appBase="webapps" unpackWARs="true" autoDeploy="true">

        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

        <Context path="" docBase="Knews" />
        
      </Host>
    </Engine>
  </Service>
</Server>

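Main parameters:

keystoreFile: location of the keystore file; an absolute path may be used.

keystorePass: the keystore password. It is stored in plain text in server.xml, so keep that file readable only by the account that runs Tomcat.

clientAuth: if set to true, Tomcat requires every SSL client to present a certificate and authenticates the client with it.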

 

<!-- Edit tomcat/conf/web.xml: start a new line after </welcome-file-list> and add the following -->
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

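With the configuration above, HTTP requests are automatically redirected to HTTPS: the CONFIDENTIAL transport guarantee makes Tomcat redirect a request that arrives on port 80 to that connector's redirectPort (443). Once the configuration is complete, Tomcat must be restarted.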
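The redirect depends on server.xml and web.xml agreeing with each other, so a pre-restart check is useful. The following is an added example, not part of the original post: the function names (`audit`, `local`, `texts`) are hypothetical and the XML samples are constructed, trimmed versions of the configuration above.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Drop the XML namespace prefix; a real conf/web.xml declares one."""
    return tag.rsplit("}", 1)[-1]

def texts(node, name):
    """Stripped text of every descendant element called `name`."""
    return {e.text.strip() for e in node.iter() if local(e.tag) == name and e.text}

def audit(server_xml, web_xml):
    """List the problems that would stop HTTP requests being redirected to HTTPS."""
    problems = []
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    for c in connectors:
        if c.get("port") in tls_ports:
            continue  # already a TLS connector
        if c.get("redirectPort") not in tls_ports:
            problems.append(f"connector {c.get('port')}: redirectPort "
                            f"{c.get('redirectPort')} is not an SSLEnabled connector")
    # The redirect only fires for URLs under a CONFIDENTIAL security-constraint.
    covered = set()
    for node in ET.fromstring(web_xml).iter():
        if (local(node.tag) == "security-constraint"
                and "CONFIDENTIAL" in texts(node, "transport-guarantee")):
            covered |= texts(node, "url-pattern")
    if "/*" not in covered:
        problems.append("web.xml: no CONFIDENTIAL transport-guarantee covers /*")
    return problems

# Constructed sample inputs, trimmed to the elements the audit reads.
SERVER_OK = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443" />
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" />
</Service></Server>"""
SERVER_BAD = SERVER_OK.replace('redirectPort="443"', 'redirectPort="8443"')
WEB_OK = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""
WEB_BAD = WEB_OK.replace("CONFIDENTIAL", "NONE")

if __name__ == "__main__":
    for name, s, w in [("ok", SERVER_OK, WEB_OK), ("bad", SERVER_BAD, WEB_BAD)]:
        print(name, audit(s, w))
```

An empty list means the plain HTTP connector points at a TLS connector and every URL is covered by the constraint; each string otherwise names the mismatch to fix before restarting.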

 

A free one-year SSL certificate can be requested from Tencent Cloud: https://console.cloud.tencent.com/ssl

posted on 2020-11-13 16:40  偶尔晴天