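Creating HTTPS access in Tomcat, and accessing HTTPS from Java
I. HTTPS and SSL
HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel designed for security; put simply, it is the secure version of HTTP. An SSL layer is added beneath HTTP: SSL is the security foundation of HTTPS, so the details of the encryption are handled by SSL. It is a URI scheme (an abstract identifier system) with syntax similar to the http: scheme, used for secure HTTP data transfer. An https: URL indicates that HTTP is used, but HTTPS has a different default port from HTTP and an encryption/authentication layer (between HTTP and TCP). The system was originally developed by Netscape and built into its browser, Netscape Navigator, to provide authentication and encrypted communication.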
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are technologies which allow web browsers and web servers to communicate over a secured connection. This means that the data being sent is encrypted by one side, transmitted, then decrypted by the other side before processing. This is a two-way process, meaning that both the server AND the browser encrypt all traffic before sending out data.
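TLS (full name: Transport Layer Security), whose predecessor is SSL (full name: Secure Sockets Layer), is a security protocol that provides security and data integrity for network communication. TLS and SSL encrypt network connections at the transport layer.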
Another important aspect of the SSL/TLS protocol is Authentication. This means that during your initial attempt to communicate with a web server over a secure connection, that server will present your web browser with a set of credentials, in the form of a "Certificate", as proof the site is who and what it claims to be. In certain cases, the server may also request a Certificate from your web browser, asking for proof that you are who you claim to be. This is known as "Client Authentication," although in practice this is used more for business-to-business (B2B) transactions than with individual users. Most SSL-enabled web servers do not request Client Authentication.
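II. Creating HTTPS access in Tomcat
Detailed official documentation: http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html
1. Generate the keystore file
Pay attention to the prompts during generation; as we will see later, the name entered there is actually what restricts the domain name.
Windows:
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA ^
  -keystore \path\to\my\keystore
Unix:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \
  -keystore /path/to/my/keystore
2. Edit tomcat/conf/server.xml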
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
Note the keystore file location and password.
3. Start a web project
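4. Test access
III. Requesting HTTPS from Java
Using HttpClient 4.3+
SSL requires a certificate to be specified; here we first access the site while ignoring the certificate: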
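import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;

public static HttpClient getClient(boolean isSSL) {
    if (isSSL) {
        try {
            // TrustSelfSignedStrategy accepts any self-signed certificate, so use
            // this client for local testing only. Hostname verification stays on.
            SSLContext sslContext = new SSLContextBuilder()
                    .loadTrustMaterial(new TrustSelfSignedStrategy()).build();
            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                    sslContext);
            return HttpClients.custom().setSSLSocketFactory(sslsf).build();
        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
            e.printStackTrace();
        }
    }
    // Plain HTTP, or the SSL setup failed: return a client with default settings
    return HttpClients.createDefault();
}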
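Test:
Clearly, the name entered when the certificate was first created is the domain name, so the certificate has to be regenerated and the project restarted:
The result is normal:
Supplying the keystore: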
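import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;
import org.junit.Test;

@Test
public void testHttpsWithCertification() throws Exception {
    // Trust own CA and all self-signed certs
    SSLContext sslcontext = SSLContexts.custom()
            .loadTrustMaterial(new File("my.keystore"), "123456".toCharArray(),
                    new TrustSelfSignedStrategy())
            .build();
    // Allow TLSv1.2 only: TLSv1 is deprecated (RFC 8996) and disabled by
    // default in current JDKs
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
            sslcontext,
            new String[] { "TLSv1.2" },
            null,
            SSLConnectionSocketFactory.getDefaultHostnameVerifier());
    CloseableHttpClient httpclient = HttpClients.custom()
            .setSSLSocketFactory(sslsf)
            .build();
    try {
        HttpGet httpget = new HttpGet("https://localhost:8443/hello/list");
        System.out.println("Executing request " + httpget.getRequestLine());
        CloseableHttpResponse response = httpclient.execute(httpget);
        try {
            HttpEntity entity = response.getEntity();
            System.out.println("----------------------------------------");
            System.out.println(response.getStatusLine());
            System.out.println(EntityUtils.toString(entity));
        } finally {
            response.close();
        }
    } finally {
        httpclient.close();
    }
}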
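The hostname failure described above comes from the client comparing the host in the URL with the names in the server certificate. The following added example (not code from the original post) reads the keystore and runs HttpClient's DefaultHostnameVerifier over candidate hostnames before Tomcat is started. The class name KeystoreHostCheck and the command-line layout are assumptions; the alias tomcat is the one used in the keytool command.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;

/** Added example: pre-flight check of the hostnames a keystore certificate is valid for. */
public class KeystoreHostCheck {

    /** Loads the X.509 certificate stored under the given alias. */
    static X509Certificate loadCert(String path, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        if (cert == null) {
            throw new IllegalArgumentException("no certificate under alias " + alias);
        }
        return cert;
    }

    /** Returns null when the host matches, otherwise the verifier's reason. */
    static String mismatch(String host, X509Certificate cert) {
        try {
            // Same rules HttpClient applies during the handshake: subjectAltName
            // entries first, and the subject CN only when no SAN is present.
            new DefaultHostnameVerifier().verify(host, cert);
            return null;
        } catch (SSLException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage (assumed layout): KeystoreHostCheck <keystore> <password> <host> [<host> ...]
        X509Certificate cert = loadCert(args[0], args[1].toCharArray(), "tomcat");
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
        System.out.println("SANs:    " + cert.getSubjectAlternativeNames());
        for (int i = 2; i < args.length; i++) {
            String reason = mismatch(args[i], cert);
            System.out.println(args[i] + " -> " + (reason == null ? "OK" : "MISMATCH: " + reason));
        }
    }
}
```

A certificate generated by keytool without a SAN extension matches only the value typed at the "first and last name" prompt, which is why that value has to be the host used in the URL.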