Overview:
There are 2 steps in total: both Tomcat and the application need to be configured.
1. Configure Tomcat to support SSL
1.1 Generate the keystore file:
keytool -v -genkey -alias tomcat -keyalg RSA -keystore /software/tomcat/tomcat.keystore
Just follow the prompts; the passwords can be the same.
1.2 Configure $TOMCAT_HOME/server.xml
Enable SSL and set the values of keystorePass and keystoreFile.
<!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the
     JSSE configuration, when using APR, the connector should be using the OpenSSL
     style configuration described in the APR documentation -->
<Connector SSLEnabled="true" clientAuth="false" maxThreads="150"
           port="8443" protocol="HTTP/1.1" scheme="https" secure="true"
           sslProtocol="TLS" keystorePass="tigEr@53"
           keystoreFile="/software/tomcat/tomcat.keystore" />
2. Modify the web.xml file so that requests are redirected
Add the following section after <welcome-file-list/>, and you are done.
<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
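
A consistency check for the two files configured above, as an added example that is not part of the original notes: the redirect only works when the plain HTTP connector's redirectPort points at the SSL connector and web.xml requires CONFIDENTIAL for /*. The function names, finding labels and sample XML (including the placeholder password and the 8080 connector) are constructed for illustration; the fallback of 443 for a missing redirectPort is assumed to be Tomcat's built-in default.

```python
import xml.etree.ElementTree as ET

def local(el):
    """Tag name without its XML namespace (real web.xml files are namespaced)."""
    return el.tag.rsplit("}", 1)[-1]

def find_all(root, name):
    return [e for e in root.iter() if local(e) == name]

def audit(server_xml, web_xml):
    """Return findings for the HTTPS-redirect setup; [] means it is consistent."""
    findings = []
    connectors = find_all(ET.fromstring(server_xml), "Connector")
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    if not tls:
        findings.append("no-tls-connector")
    for c in tls:
        if c.get("keystorePass"):
            # Clear-text password: server.xml and the keystore need tight file permissions.
            findings.append("cleartext-keystorePass:" + c.get("port", "?"))
    for c in connectors:
        plain_http = c not in tls and "ajp" not in c.get("protocol", "HTTP/1.1").lower()
        # CONFIDENTIAL requests on a plain connector are redirected to its redirectPort.
        if plain_http and c.get("redirectPort", "443") not in tls_ports:
            findings.append("redirectPort-mismatch:" + c.get("port", "?"))
    covered = False
    for sc in find_all(ET.fromstring(web_xml), "security-constraint"):
        patterns = {(p.text or "").strip() for p in find_all(sc, "url-pattern")}
        guarantees = {(g.text or "").strip() for g in find_all(sc, "transport-guarantee")}
        covered |= "/*" in patterns and "CONFIDENTIAL" in guarantees
    if not covered:
        findings.append("no-confidential-constraint-for-/*")
    return findings

# Constructed sample input modelled on the snippets above (password is a placeholder).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector SSLEnabled="true" port="8443" protocol="HTTP/1.1" scheme="https"
             secure="true" sslProtocol="TLS" keystorePass="EXAMPLE-ONLY"
             keystoreFile="/software/tomcat/tomcat.keystore" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

if __name__ == "__main__":
    print(audit(SERVER_XML, WEB_XML))
```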