https://www.cnblogs.com/parker-yu/p/10690837.html
It is also possible to modify the tomcat\conf\web.xml file to take effect for all programs under the tomcat
<!--Forced to use https, http request will be automatically converted to https--> <login-config> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</ realm-name> </login-config> <!--Configure the website to support https, /* means all requests go through https, and the transport-guarantee tag is set to CONFIDENTIAL so that the application supports SSL. If you need to turn off SSL, change CONFIDENTIAL to NONE--> <security-constraint> <web-resource-collection> <web-resource-name>securedapp</web-resource-name> <url-pattern>/* </url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> <