https无非就是http+ssl,也就是在http基础上进行证书上的校验,俗称安全的http
之前的一篇文章http传输json进行服务端接口与客户端对接,以及restful实现
下面在这demo基础上进行https修改
具体操作步骤:
1.对服务端进行修改,接口访问使用https
a.利用jdk自带的证书生成工具来生成一个key,keytool -genkey -alias cwh -keyalg RSA -keystore e:/keys/cwhkey
主意一下:'您的名字与姓氏是什么'这里需要注意的,你所填的到时会作为是你的域名来用
b.tomcat/conf/server.xml启用ssl(把下面的这个本身是注释掉的开启)
c.把上面tomcat配置进行修改(添加:keystoreFile="对应你生成的key文件路径",keystorePass="你的秘钥口令"):
d.ok这样就可以了,再来访问下之前做的接口地址,https://localhost:8443/springMVC/user/getUserByName/cwh,结果如下,证明ssl应用成功
e.至此似乎服务端接口采用https协议很成功,但是问题来了,之前http://localhost:8080/springMVC/user/getUserByName/cwh这个地址已经暴露过,别人直接通过这个访问不也就绕过了https了么,那么解决办法就是让http访问重定向到https去,操作如下:在tomcat目录下的conf/web.xml此文件改位置添加如下代码代码:
<security-constraint>
<web-resource-collection>
<web-resource-name>ssl</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
ok这样的话继续访问http://localhost:8080/springMVC/user/getUserByName/cwh的话会被重定向到https去:
至此https服务端完成
2.下面进行httpclient客户端编写,
在之前demo基础上进行修改,添加证书:
HttpClient httpclient = new DefaultHttpClient();
String uri = "https://localhost/springMVC/user/getUserByName/cwh";
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream instream = new FileInputStream(new File("E:/keys/cwhkey"));
//密匙库的密码
trustStore.load(instream, "caiwenhao".toCharArray());
//注册密匙库
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
//不校验域名
socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Scheme sch = new Scheme("https", 8443, socketFactory);//8443端口
httpclient.getConnectionManager().getSchemeRegistry().register(sch);
注意一下:socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);是不校验域名,如果注释掉的话,那么你访问的uri就会报如下错误:
这时我们需要把域名localhost改为你的所设置的‘您的名字与姓氏是什么’的值,https://cwh/springMVC/user/getUserByName/cwh,这里的域名cwh是我们虚拟出来的所以我们 需要去hosts文件配置下让cwh这个域名指向本地:打开C:\Windows\System32\drivers\etc,hosts文件添加127.0.0.1 cwh;
还需注意的是:Scheme sch = new Scheme("https", 8443, socketFactory);设置的是我们https的端口8443
客户端 完整代码如下:
public void HttpPostData() {
try {
HttpClient httpclient = new DefaultHttpClient();
String uri = "https://localhost/springMVC/user/getUserByName/cwh";
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream instream = new FileInputStream(new File("E:/keys/cwhkey"));
//密匙库的密码
trustStore.load(instream, "caiwenhao".toCharArray());
//注册密匙库
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
//不校验域名
socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Scheme sch = new Scheme("https", 8443, socketFactory);//8443端口
httpclient.getConnectionManager().getSchemeRegistry().register(sch);
HttpPost httppost = new HttpPost(uri);
JSONObject obj = new JSONObject();
HttpResponse response;
response = httpclient.execute(httppost);
//检验状态码,如果成功接收数据
int code = response.getStatusLine().getStatusCode();
System.out.println(code+"code");
if (code == 200) {
String rev = EntityUtils.toString(response.getEntity());//返回json格式: {"id": "","name": ""}
obj= JSONObject.fromObject(rev);
System.out.println(obj.get("username"));
User user = (User)JSONObject.toBean(obj,User.class);
System.out.println("返回数据==="+user.toString());
}
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
}