1. Creating the certificates
Reference:
http://licg1234.blog.163.com/blog/static/13908233320121165356868/ (keytool + Tomcat: configuring HTTPS with mutual certificate authentication)
2. Forcing Tomcat to switch HTTP to HTTPS (web.xml)
<!-- CLIENT-CERT: users authenticate with their TLS client certificate -->
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <!-- CONFIDENTIAL: plain-HTTP requests are redirected to the HTTPS connector -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
3. If Tomcat is set up for HTTPS access but certain URLs should still be reachable over HTTP, add the following special configuration to web.xml:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>syncTopic</web-resource-name>
    <url-pattern>/front/topic/sync.do</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <!-- NONE: no transport requirement, so this URL is also served over plain HTTP -->
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
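4. Multiple certificates on one Tomcat; see:
http://www.iteye.com/topic/554238
5. HTTP on the intranet, HTTPS on the external network. I don't know whether this could be done by adding Apache, but I implemented it with a filter.
Open both the HTTP and the HTTPS port. In the filter, decide whether the domain name is internal or external with isInner(request.getServerName()), then use request.isSecure() (whether the request arrived over a secure channel) to decide the logic that follows.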
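A sketch of the filter described in section 5, as an added example that is not the original author's code. The class name, the body of isInner(), the host names and the HTTPS port are all assumptions; only isInner(request.getServerName()) and request.isSecure() come from the post.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SchemeByZoneFilter implements Filter {
    // Assumed values: replace with the deployment's real names and port.
    private static final Set<String> INNER_HOSTS =
            new HashSet<>(Arrays.asList("intranet.example.local", "localhost"));
    private static final String EXTERNAL_HOST = "www.example.com";
    private static final int HTTPS_PORT = 8443;

    // getServerName() is derived from the client-supplied Host header, so it
    // is matched against an exact allowlist, never by prefix or suffix.
    static boolean isInner(String serverName) {
        return serverName != null
                && INNER_HOSTS.contains(serverName.toLowerCase(Locale.ROOT));
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // HTTPS from anywhere, or plain HTTP addressed to an intranet name.
        if (request.isSecure() || isInner(request.getServerName())) {
            chain.doFilter(req, res);
            return;
        }
        // Plain HTTP on an external name: redirect to HTTPS. The target host is
        // the configured constant, not the Host header, so the redirect cannot
        // be pointed at an arbitrary site.
        StringBuilder target = new StringBuilder("https://").append(EXTERNAL_HOST);
        if (HTTPS_PORT != 443) {
            target.append(':').append(HTTPS_PORT);
        }
        target.append(request.getRequestURI());
        if (request.getQueryString() != null) {
            target.append('?').append(request.getQueryString());
        }
        response.sendRedirect(target.toString());
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }
}
```

A filter like this takes the place of the `/*` CONFIDENTIAL constraint from section 2, because the container enforces that constraint before any filter runs and would redirect intranet HTTP requests too. Since the internal/external decision rests on the Host header, the HTTP port should also be unreachable from the external network at the firewall.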