Tomcat HTTPS configuration and certificate generation

1. Tomcat related configuration

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
     maxThreads="150" scheme="https" secure="true"
     clientAuth="false" keystoreFile="D:/Java/apache-tomcat-7.0.62/conf/10.20.134.22.keystore"
     keystorePass="123456" sslProtocol="TLS" />

2. Project-related configuration (optional: restrict resources to HTTPS access)

<security-constraint>
       <web-resource-collection>
              <web-resource-name>SSL</web-resource-name>
              <url-pattern>/index.jsp</url-pattern>
       </web-resource-collection>
       <user-data-constraint>
              <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
</security-constraint>

The above configuration applies to restricted resources, which behave as follows:

| Protocol | Browser access | Interface call |
|----------|----------------|----------------|
| HTTP | The server returns a 302 status code asking the browser to redirect | The interface has no automatic redirection, so the call fails |
| HTTPS | Normal access | Normal access |

For unrestricted resources, both HTTP and HTTPS can be used for normal access.

3. Verification method

With one-way HTTPS authentication, the transmitted data is encrypted, but the source of the client is not verified. The two-way authentication server will verify the client's

 

Generate a certificate for the server:

keytool -v -genkey -alias tomcat -keyalg RSA -keystore d:/10.20.134.22.keystore -validity 36500

Export the certificate:

keytool -export -alias tomcat -file D:/filr.cer -keystore d:/10.20.134.22.keystore

Import the certificate:

keytool -import -alias tomcat -file d:/filr.cer -keystore d:/truststore
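
The connector in section 1 uses clientAuth="false", which is one-way authentication. The following is an added example, not from the original post, showing that connector beside a two-way variant for Tomcat's server.xml. The file name client-truststore.keystore and the CHANGE_ME values are assumed placeholders; that store must hold the client certificates (or their issuing CA) the server should accept, and is a different store from d:/truststore above, which holds the server certificate so that a client can trust the server.

```xml
<!-- One-way TLS, as configured on this page: the server presents its
     certificate, and clientAuth="false" lets any client connect. -->
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
     maxThreads="150" scheme="https" secure="true"
     clientAuth="false"
     keystoreFile="D:/Java/apache-tomcat-7.0.62/conf/10.20.134.22.keystore"
     keystorePass="123456" sslProtocol="TLS" />

<!-- Two-way TLS (use INSTEAD of the connector above, not alongside it).
     clientAuth="true": the handshake fails unless the client presents a
       certificate that chains to an entry in truststoreFile.
     truststoreFile / truststorePass: hypothetical server-side store of
       accepted client certificates or their issuing CA.
     keystorePass: placeholder; it must match the password chosen when the
       keystore was generated with keytool, and should not be a trivially
       guessable value. -->
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
     maxThreads="150" scheme="https" secure="true"
     clientAuth="true"
     keystoreFile="D:/Java/apache-tomcat-7.0.62/conf/10.20.134.22.keystore"
     keystorePass="CHANGE_ME_KEYSTORE_PASSWORD"
     truststoreFile="D:/Java/apache-tomcat-7.0.62/conf/client-truststore.keystore"
     truststorePass="CHANGE_ME_TRUSTSTORE_PASSWORD"
     sslProtocol="TLS" />
```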

 

Based on these blog posts:

http://www.blogjava.net/stevenjohn/archive/2012/09/26/388600.html

http://xiaohuafyle.iteye.com/blog/1538719
