tomcat 设置https访问

要强制使用HTTPS方式访问Tomcat中的相关项目，将具体的步骤写下： 

 

主要分2步:让tomcat能使用https--->强制使用https访问 

1.让tomcat能使用https 

 

  A.在运行命令JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg  

    RSA  -keystore     C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore 

    这样就生成了证书，将证书放到合适的地方（任意地方都可以） 

 

  B.打开tomcat目录下的server.xml文件并找到关于ssl的相关段 

    

Java代码 

<!-- Define a SSL HTTP/1.1 Connector on port 8443  

 This connector uses the JSSE configuration, when using APR, the    

 connector should be using the OpenSSL style configuration   

 described in the APR documentation -->   

 <!--<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"  

 maxThreads="150" scheme="https" secure="true"  

 clientAuth="false"  sslProtocol="TLS" />-->   

<!-- Define a SSL HTTP/1.1 Connector on port 8443

    This connector uses the JSSE configuration, when using APR, the 

    connector should be using the OpenSSL style configuration

    described in the APR documentation -->

    <!--<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"

    maxThreads="150" scheme="https" secure="true"

    clientAuth="false"  sslProtocol="TLS" />-->

 

 

  C.去掉注释，添keystoreFile="C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore" 

  keystorePass="tomcat"的属性 

  改动完成后配置为: 

  

Java代码 

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"   maxThreads="150" scheme="https" secure="true" clientAuth="false" keystoreFile="C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore" keystorePass="tomcat" sslProtocol="TLS" />  

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"   maxThreads="150" scheme="https" secure="true" clientAuth="false" keystoreFile="C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore" keystorePass="tomcat" sslProtocol="TLS" />

 

 

  D.然后重启tomcat就能使用HTTPS访问 

 

2.强制https访问 

  在tomcat\conf\web.xml中的</welcome-file-list>后面加上这样一段： 

Java代码 

<login-config>   

     <!-- Authorization setting for SSL -->   

     <auth-method>CLIENT-CERT</auth-method>   

     <realm-name>Client Cert Users-only Area</realm-name>   

 </login-config>   

 <security-constraint>   

     <!-- Authorization setting for SSL -->   

     <web-resource-collection >   

         <web-resource-name >SSL</web-resource-name>   

         <url-pattern>/*</url-pattern>   

     </web-resource-collection>   

     <user-data-constraint>   

         <transport-guarantee>CONFIDENTIAL</transport-guarantee>   

     </user-data-constraint>   

 </security-constraint>  

<login-config>

      <!-- Authorization setting for SSL -->

      <auth-method>CLIENT-CERT</auth-method>

      <realm-name>Client Cert Users-only Area</realm-name>

  </login-config>

  <security-constraint>

      <!-- Authorization setting for SSL -->

      <web-resource-collection >

          <web-resource-name >SSL</web-resource-name>

          <url-pattern>/*</url-pattern>

      </web-resource-collection>

      <user-data-constraint>

          <transport-guarantee>CONFIDENTIAL</transport-guarantee>

      </user-data-constraint>

  </security-constraint>

 

 

 

完成以上步骤后，在浏览器中输入http的访问地址也会自动转换为https了