1.1 生成keystore文件及导出证书
步奏1:打开控制台,运行:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
(如果你已经配置过javahome,直接输入)
keytool -genkey -alias tomcat -keyalg RSA
首先会要求输入密码,这里使用123123
步奏2:输入基本信息 (除了名称与姓氏其他都可以直接回车)
输入密钥库口令: 再次输入新口令: 您的名字与姓氏是什么? [Unknown]: tuhao(这里可以输入你的项目的域名:如localhost) 您的组织单位名称是什么? [Unknown]: tuhaojia 您的组织名称是什么? [Unknown]: fnic 您所在的城市或区域名称是什么? [Unknown]: didu 您所在的省/市/自治区名称是什么? [Unknown]: didu 该单位的双字母国家/地区代码是什么? [Unknown]: cn CN=tuhao, OU=tuhaojia, O=fnic, L=didu, ST=didu, C=cn是否正确? [否]: y
之后输入 <tomcat> 的密钥口令 (如果和密钥库口令相同, 按回车):
步奏3:拷贝keystore文件
完毕后会在当前目录下,会产生一个:.keystore文件,window系统默认在“C:\Users\你机器的名称” 下,将它拷贝到tomcat的bin目录下。
步奏4:导出证书
从控制台进入tomcat的bin目录,本机环境是:D:\Tomcat7\bin> ,然后输入:
D:\Tomcat7\bin>keytool -selfcert -alias tomcat -keystore .keystore
D:\Tomcat7\bin>keytool -export -alias tomcat -keystore .keystore -storepass 你的密码(这里是123123) -rfc -file tomcat.cer
此时会在D:\Tomcat7\bin>下生成tomcat.cer证书文件。
1.2 配置tomcat
步奏1:
打开tomcat目录下的/conf/server.xml 找到“SSL HTTP/1.1 Connector” 那一块,取消注释并将它改成:
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="bin/.keystore" keystorePass="123123"
clientAuth="false" sslProtocol="TLS"/>
请注意,这里我已经将tomcat的端口改成了80,相应的,https的端口我也改成了443(即默认的https端口)。
接下来重启tomcat,用https:// localhost/访问网站验证一下就行了。
可选步奏:
在tomcat的conf目录下的web.xml文件下配置以下内容则可以强制让整个项目使用https访问,请根据需求配置。
<security-constraint> <web-resource-collection > <web-resource-name >SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
3 创建项目访问
注意:从https下的链接跳转到http的连接会造成session丢失,原因在于tomcat会给不同协议的请求创建不同的cookie
,并生成不同的sessionid,所以造成与服务端的session索引失败而无法获取session数据。
解决方法:可以编写一个过滤器,对所有的请求做处理,如果session是新的https session,则创建一个JSESSIONID cookie,
并设置到Servlet Response中,这样就突破了tomcat的限制,把https下的session传递到http协议下
3.1 建立Wrapper类,用于处理所有的Serverlet Request:
import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; //处理所有的Serverlet Request public class MyRequestWrapper extends HttpServletRequestWrapper { private HttpServletResponse response = null; public MyRequestWrapper(HttpServletRequest request) { super(request); } public void setResponse(HttpServletResponse response) { this.response = response; } public HttpSession getSession() { HttpSession session = super.getSession(); processSessionCookie(session); return session; } public HttpSession getSession(boolean create) { HttpSession session = super.getSession(create); processSessionCookie(session); return session; } /** * 当从https重定向到http时,tomcat会创建一个新的sessionid,所以造成session跟踪不到, * 这里获取先从cookie中获取sessionid,保存到新的cookie * @param session */ private void processSessionCookie(HttpSession session) { if (null == response || null == session) { // No response or session object attached, skip the pre processing return; } // cookieOverWritten - 用于过滤多个Set-Cookie头的标志 Object cookieOverWritten = getAttribute("COOKIE_OVERWRITTEN_FLAG"); if (null == cookieOverWritten && isSecure() && isRequestedSessionIdFromCookie() && session.isNew()) { // 当是https协议,且新session时,创建JSESSIONID cookie以欺骗浏览器 Cookie cookie = new Cookie("JSESSIONID", session.getId()); cookie.setMaxAge(-1); // 有效时间为浏览器打开或超时 String contextPath = getContextPath(); if ((contextPath != null) && (contextPath.length() > 0)) { cookie.setPath(contextPath); } else { cookie.setPath("/"); } response.addCookie(cookie); // 增加一个Set-Cookie头到response setAttribute("COOKIE_OVERWRITTEN_FLAG", "true");// 过滤多个Set-Cookie头的标志 } } }
3.2 再把上述Wrapper类与Filter建立关联:
import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class HttpsFilter implements Filter { @Override public void destroy() { // TODO Auto-generated method stub } @Override public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse)resp; MyRequestWrapper myrequest = new MyRequestWrapper(request); myrequest.setResponse(response); chain.doFilter(myrequest, response); } @Override public void init(FilterConfig arg0) throws ServletException { // TODO Auto-generated method stub } }
3.3 控制层执行代码
import java.io.IOException; import java.util.UUID; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import entity.User; public class AdminServlet extends HttpServlet { /** * */ private static final long serialVersionUID = 7179221326322012461L; public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String action = request.getParameter("action"); if("login".equals(action)){ login(request,response); } else if("index".equals(action)){ index(request, response); } else if("httplink".equals(action)){ httplink(request,response); } else if("tohttps".equals(action)){ tohttps(request,response); } else if("httpslink".equals(action)){ httpslink(request,response); } else if("tohttp".equals(action)){ tohttp(request,response); } } public void login(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException{ /*Cookie cookie = new Cookie("JSESSIONID", request.getSession().getId()); response.addCookie(cookie); // */ response.setContentType("text/html;charset=utf-8"); String username = request.getParameter("username"); String password = request.getParameter("password"); User user = new User(); user.setId(UUID.randomUUID().toString().replaceAll("-", "")); user.setUserName(username); user.setPassword(password); request.getSession().setAttribute("user", user); System.out.println(request.getRequestURI()); System.out.println(request.getRequestURL()); System.out.println(request.getContextPath()); System.out.println(request.getLocalName()); System.out.println(request.getLocalPort()); //重定向到http response.sendRedirect("http://"+request.getServerName()+":"+"80"+request.getContextPath()+"/admin?action=index"); } public void index(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException{ request.getRequestDispatcher("/WEB-INF/page/index.jsp").forward(request, response); System.out.println("主页的sessionid:"+request.getSession(false).getId()); Cookie[] cookies = request.getCookies(); for (Cookie c : cookies) { if (c.getName().equalsIgnoreCase("JSESSIONID")) { System.out.println("cookie中的sessionid:"+c.getValue()); } } } public void httpslink(HttpServletRequest request,HttpServletResponse response) throws IOException{ response.sendRedirect("https://"+request.getServerName()+request.getContextPath()+"/admin?action=tohttps"); } public void tohttps(HttpServletRequest request,HttpServletResponse response) throws IOException, ServletException{ request.getRequestDispatcher("/WEB-INF/page/https.jsp").forward(request, response); System.out.println("https页面的sessionid:"+request.getSession(false).getId()); Cookie[] cookies = request.getCookies(); for (Cookie c : cookies) { if (c.getName().equalsIgnoreCase("JSESSIONID")) { System.out.println("cookie中的sessionid:"+c.getValue()); } } } public void httplink(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException{ response.sendRedirect("http://"+request.getServerName()+":"+"80"+request.getContextPath()+"/admin?action=tohttp"); } public void tohttp(HttpServletRequest request,HttpServletResponse response) throws IOException, ServletException{ request.getRequestDispatcher("/WEB-INF/page/index.jsp").forward(request, response); System.out.println("http页面的sessionid:"+request.getSession(false).getId()); Cookie[] cookies = request.getCookies(); for (Cookie c : cookies) { if (c.getName().equalsIgnoreCase("JSESSIONID")) { System.out.println("cookie中的sessionid:"+c.getValue()); } } } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); } }
3.4 页面代码
login.jsp
<body> <form action="${pageContext.request.contextPath}/admin?action=login" method="post"> 账号:<input id="username" name="username" type="text" ><br/> 密码:<input id="password" name="password" type="text" ><br/> <input id="btn" type="submit" value="登录"> </form> <script type="text/javascript"> //强制让页面发送https请求 var targetProtocol = "https:"; if (window.location.protocol != targetProtocol) window.location.href = targetProtocol + window.location.href.substring(window.location.protocol.length); </script> </body>
index.jsp
<body> <table> <tr> <th>id:</th> <th>账号:</th> <th>密码:</th> </tr> <tr> <td>${sessionScope.user.id}</td> <td>${sessionScope.user.userName}</td> <td>${sessionScope.user.password}</td> </tr> </table> <a href="${pageContext.request.contextPath}/admin?action=httpslink" >跳转到https</a> </body>
https.jsp
<body> <table> <tr> <th>id:</th> <th>账号:</th> <th>密码:</th> </tr> <tr> <td>${sessionScope.user.id}</td> <td>${sessionScope.user.userName}</td> <td>${sessionScope.user.password}</td> </tr> </table> <a href="${pageContext.request.contextPath}/admin?action=httplink" >跳转到http</a> </body>