一,java使用 keytool工具创建证书
CMD窗口中运行 "keytool -genkey -alias "别名" -keyalg RSA -validity "有效时间" -keystore "生成证书路径"
二,配制tomcat支持ssl
在tomcat的config server.xml中打开 Connector结点
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="yourPath/xx.keystore" keystorePass="yourPwd"
clientAuth="false" sslProtocol="TLS" />
这里注意下,在tomcat6下
protocol="HTTP/1.1 " <!-- 改为 --> protocol="org.apache.coyote.http11.Http11Protocol"
否则起动会报错
三,工程中web.xml配制
上两部己实现了ssl的访问 https://localst (443为https默认端口所以不用加端口号)就己是ssl安全通道中,但是我们还是可以通过http://localhost:port 访问,这里要让它http时自动成https
在web.xml中加入下面内容
<security-constraint> <web-resource-collection> <web-resource-name>SSL</web-resource-name> <url-pattern>/xxx/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
在url-pattern中配制的是你要拦截的请求路径,比如只想对login模块强制转成https,则可配 /login/*
四,此时让tomcat支持https己全部配制完成,浏览器第一次访问时因为是自己制作的证书可以会有安全信任问题,要添加例外。想要httpclient发送https的请求,则还需如下的步骤
五,从浏览器中导出让才的证书(crt,pem后缀都可以)然后用keytool工具导入keystore,命令如下:
keytool -import -alias "localhost" -file xxx.crt -keystore ooo.keystore
xxx.crt : 刚从浏览器导出的证书
ooo.keystore :命令生成的keystore文件
六,java代码 (不得不说httpclient3和4版本在使用上差异还很大,用习惯了3总感觉4并不太顺手)
public static String sendSSLRequest(String requestUrl) {
long responseLength = 0; // 响应长度
String responseContent = null; // 响应内容
HttpClient httpClient = new DefaultHttpClient(); // 创建默认的httpClient实例
KeyStore trustStore = null;
InputStream fis = null;
HttpGet httpGet = null;
HttpResponse response = null;
try {
trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
fis = HttpsBaseAction.class.getClassLoader().getResourceAsStream(
"my.keystore");
trustStore.load(fis, "pwd".toCharArray()); // 加载KeyStore
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore); // 创建Socket工厂,将trustStore注入
Scheme sch = new Scheme("https", 443, socketFactory); // 创建Scheme
httpClient.getConnectionManager().getSchemeRegistry().register(sch); // 注册Scheme
httpGet = new HttpGet(requestUrl); // 创建HttpGet
Header headers[] = { new BasicHeader("myheader", "value") };
httpGet.setHeaders(headers); // 设置头信息
// 设置请求参数,get好像只能在url那里用?xx=xx传参(暂时没找到到别的可传参方法)
// 如用post传参如下
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
formparams.add(new BasicNameValuePair("prameName", "value"));
UrlEncodedFormEntity uefEntity;
uefEntity = new UrlEncodedFormEntity(formparams, HTTP.UTF_8);
HttpPost post = new HttpPost(requestUrl);
post.setEntity(uefEntity);
post.setHeader("myheader", "value");
// response = httpClient.execute(post); // 执行POST请求
response = httpClient.execute(httpGet); // 执行GET请求
HttpEntity entity = response.getEntity(); // 获取响应实体
if (null != entity) {
responseLength = entity.getContentLength();
responseContent = EntityUtils.toString(entity, "UTF-8");
EntityUtils.consume(entity); // Consume response content
}
System.out.println("请求地址: " + httpGet.getURI());
System.out.println("响应状态: " + response.getStatusLine());
System.out.println("响应长度: " + responseLength);
System.out.println("响应内容: " + responseContent);
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
fis.close();
} finally {
httpClient.getConnectionManager().shutdown(); // 关闭连接,释放资源
return responseContent;
}
}
}