1、开启使用https协议
编辑tomcat目录下的conf/server.xml文件
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https"secure="true"clientAuth="false" sslProtocol="TLS" keystoreFile="keystore/SSL.jks" keystorePass="XXXX" />
keystoreFile:证书路径(相对与tomcat主目录,例如:conf/SSL.jks)
keystorePass:证书密码
2、强制使用https协议
在 tomcat主目录的 conf/web.xml 中的 </welcome- file-list>节点后面加上这
<login-config> <!-- Authorization setting for SSL --> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</realm-name> </login-config> <security-constraint> <!-- Authorization setting for SSL --> <web-resource-collection > <web-resource-name >SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>