1. 配置 server.xml
在server.xml 中修改监听的端口,同时配置证书(证书同样放在和server.xml文件相同的 tomcat/conf 目录下,密码是 123456)
<Connector port="443" protocol="HTTP/1.1"
SSLEnabled="true"
scheme="https"
secure="true"
keystoreFile="conf/server.jks"
keystorePass="123456"
clientAuth="false"
sslProtocol="TLS"
connectionTimeout="10000"
URIEncoding="UTF-8"
maxThreads="600"
minSpareThreads="150"
maxSpareThreads="250"
maxKeepAliveRequests="1"
acceptCount="600"/>
<Connector port="80" protocol="org.apache.coyote.http11.Http11NioProtocol" connectionTimeout="10000"/>
2. 配置 web.xml
在web.xml添加配置如下,如果存在部分链接不需要自动跳转https,可以在前面添加一个 security-constraint配置,默认全部http链接自动跳转到https
<!-- 部分链接不跳转https -->
<security-constraint>
<web-resource-collection>
<web-resource-name>http</web-resource-name>
<url-pattern>/order/return1</url-pattern>
<url-pattern>/order/return2</url-pattern>
</web-resource-collection>
</security-constraint>
<!-- 其它链接跳转https -->
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
网友评论