
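1. Configure server.xml

In server.xml, change the listening ports and configure the certificate (the certificate is also placed in tomcat/conf, the same directory as server.xml; the password is 123456).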

```xml
<!-- HTTPS connector on 443; the keystore is conf/server.jks with password 123456 -->
<Connector port="443" protocol="HTTP/1.1"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           keystoreFile="conf/server.jks"
           keystorePass="123456"
           clientAuth="false"
           sslProtocol="TLS"
           connectionTimeout="10000"
           URIEncoding="UTF-8"
           maxThreads="600"
           minSpareThreads="150"
           maxSpareThreads="250"
           maxKeepAliveRequests="1"
           acceptCount="600"/>
<!-- Plain HTTP connector on 80; redirectPort is not set, so it defaults to 443 -->
<Connector port="80" protocol="org.apache.coyote.http11.Http11NioProtocol" connectionTimeout="10000"/>
```

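2. Configure web.xml

Add the following configuration to web.xml. If some URLs should not be redirected to HTTPS automatically, add a security-constraint for them in front of the general one. By default, all HTTP URLs are redirected to HTTPS.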

```xml
<!-- URLs that are not redirected to HTTPS -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>http</web-resource-name>
    <url-pattern>/order/return1</url-pattern>
    <url-pattern>/order/return2</url-pattern>
  </web-resource-collection>
</security-constraint>

<!-- All other URLs are redirected to HTTPS -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```
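To audit which paths the web.xml above leaves reachable over plain HTTP, the following added example (not part of the original page) parses the constraints and applies the Servlet url-pattern precedence: exact match, then longest path prefix, then extension, then default. The function names and the abbreviated `WEB_XML` sample are constructed for illustration; paths are relative to the context root, and `http-method` and `auth-constraint` elements are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two constraints from this page (names omitted) in a <web-app> root.
WEB_XML = """<web-app>
  <security-constraint><web-resource-collection>
    <url-pattern>/order/return1</url-pattern>
    <url-pattern>/order/return2</url-pattern>
  </web-resource-collection></security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop an XML namespace if present

def load_constraints(xml_text):
    """Return (url_pattern, transport_guarantee) pairs; a missing guarantee means NONE."""
    pairs = []
    for sc in ET.fromstring(xml_text).iter():
        if local(sc) != "security-constraint":
            continue
        tg = [(e.text or "").strip() for e in sc.iter() if local(e) == "transport-guarantee"]
        guarantee = tg[0] if tg else "NONE"
        pairs += [((e.text or "").strip(), guarantee) for e in sc.iter() if local(e) == "url-pattern"]
    return pairs

def rank(pattern, path):
    """Match precedence as a sortable tuple, or None if the pattern does not match."""
    if pattern == path:
        return (3, 0)                      # exact match
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))           # path prefix, longer prefix wins
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)                      # extension match
    return (0, 0) if pattern == "/" else None  # default pattern

def requires_https(pairs, path):
    """True if a plain-HTTP request for path would be redirected to HTTPS."""
    ranked = [(rank(p, path), g) for p, g in pairs]
    ranked = [(r, g) for r, g in ranked if r is not None]
    if not ranked:
        return False  # no constraint applies: any transport is accepted
    best = max(r for r, _ in ranked)
    # Constraints sharing the best pattern combine; one without a guarantee allows HTTP.
    return all(g in ("CONFIDENTIAL", "INTEGRAL") for r, g in ranked if r == best)
```

The exemption is an exact match, so `/order/return1` stays on HTTP while `/order/return1/extra` and `/order/return10` fall under `/*` and are redirected.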