啓用TOMCAT的SSL
本教程使用 JDK 6 和 Tomcat 7,其他版本類似。基本步驟:
使用 java 創建一個 keystore 文件
配置 Tomcat 以使用該 keystore 文件
測試
配置應用以便使用 SSL ,例如 https://localhost:8443/yourApp
1. 創建 keystore 文件
執行 keytool -genkey -alias tomcat -keyalg RSA 結果如下
loiane:bin loiane$ keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password: password
Re-enter new password: password
What is your first and last name?
[Unknown]: Loiane Groner
What is the name of your organizational unit?
[Unknown]: home
What is the name of your organization?
[Unknown]: home
What is the name of your City or Locality?
[Unknown]: Sao Paulo
What is the name of your State or Province?
[Unknown]: SP
What is the two-letter country code for this unit?
[Unknown]: BR
Is CN=Loiane Groner, OU=home, O=home, L=Sao Paulo, ST=SP, C=BR correct?
[no]: y
Enter key password for
(RETURN if same as keystore password): password
Re-enter new password: password
Enter keystore password: password
Re-enter new password: password
What is your first and last name?
[Unknown]: Loiane Groner
What is the name of your organizational unit?
[Unknown]: home
What is the name of your organization?
[Unknown]: home
What is the name of your City or Locality?
[Unknown]: Sao Paulo
What is the name of your State or Province?
[Unknown]: SP
What is the two-letter country code for this unit?
[Unknown]: BR
Is CN=Loiane Groner, OU=home, O=home, L=Sao Paulo, ST=SP, C=BR correct?
[no]: y
Enter key password for
(RETURN if same as keystore password): password
Re-enter new password: password
這樣就在用戶的主目錄下創建了一個 .keystore 文件
2. 配置 Tomcat 以使用 keystore 文件
打開 server.xml 找到下面被註釋的這段
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
幹掉註釋,並將內容改爲
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="8443" keystoreFile="/Users/loiane/.keystore" keystorePass="password"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS" />
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="8443" keystoreFile="/Users/loiane/.keystore" keystorePass="password"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS" />
3. 測試
啓動 Tomcat 並訪問 https://localhost:8443. 你將看到 Tomcat 默認的首頁。
需要注意的是,如果你訪問默認的 8080 端口,還是有效的。
4. 配置應用使用 SSL
打開應用的 web.xml 文件,增加配置如下:
<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
將 URL 映射設爲 /* ,這樣你的整個應用都要求是 HTTPS 訪問,而 transport-guarantee 標籤設置爲 CONFIDENTIAL 以便使應用支持 SSL。
如果你希望關閉 SSL ,只需要將 CONFIDENTIAL 改爲 NONE 即可。
如果是MAVEN的TOMCAT插件,則加入如下配置
<build>
<finalName>test-dropbox</finalName>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.5.1</version>
<configuration>
<source>1.6</source>
<target>1.6</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.0</version>
<configuration>
<httpsPort>8443</httpsPort>
<keystorePass>password</keystorePass>
<keystoreFile>C:\Users\PAUL\.keystore</keystoreFile>
</configuration>
</plugin>
</plugins>
</build>
<finalName>test-dropbox</finalName>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.5.1</version>
<configuration>
<source>1.6</source>
<target>1.6</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.0</version>
<configuration>
<httpsPort>8443</httpsPort>
<keystorePass>password</keystorePass>
<keystoreFile>C:\Users\PAUL\.keystore</keystoreFile>
</configuration>
</plugin>
</plugins>
</build>
轉載http://www.blogjava.net/paulwong/archive/2013/10/14/404941.html