zoukankan      html  css  js  c++  java
  • tomcat下的https项目创建与部署

    1.1 生成keystore文件及导出证书

      步奏1:打开控制台,运行:

    %JAVA_HOME%inkeytool -genkey -alias tomcat -keyalg RSA

      (如果你已经配置过javahome,直接输入)

    keytool -genkey -alias tomcat -keyalg RSA

      首先会要求输入密码,这里使用123123

      步奏2:输入基本信息 (除了名称与姓氏其他都可以直接回车)

    输入密钥库口令:
    再次输入新口令:
    您的名字与姓氏是什么?
    [Unknown]: tuhao(这里可以输入你的项目的域名:如localhost)
    您的组织单位名称是什么?
    [Unknown]: tuhaojia
    您的组织名称是什么?
    [Unknown]: fnic
    您所在的城市或区域名称是什么?
    [Unknown]: didu
    您所在的省/市/自治区名称是什么?
    [Unknown]: didu
    该单位的双字母国家/地区代码是什么?
    [Unknown]: cn
    CN=tuhao, OU=tuhaojia, O=fnic, L=didu, ST=didu, C=cn是否正确?
    [否]: y

     之后输入 <tomcat> 的密钥口令 (如果和密钥库口令相同, 按回车): 

      步奏3:拷贝keystore文件

     完毕后会在当前目录下,会产生一个:.keystore文件,window系统默认在“C:Users你机器的名称” 下,将它拷贝到tomcat的bin目录下。

      步奏4:导出证书

     从控制台进入tomcat的bin目录,本机环境是:D:Tomcat7in> ,然后输入:

    D:Tomcat7in>keytool -selfcert -alias tomcat -keystore .keystore
    
    D:Tomcat7in>keytool -export -alias tomcat -keystore .keystore -storepass 你的密码(这里是123123) -rfc -file tomcat.cer
    

     此时会在D:Tomcat7in>下生成tomcat.cer证书文件。

      

    1.2 配置tomcat

      步奏1:

     打开tomcat目录下的/conf/server.xml 找到“SSL HTTP/1.1 Connector” 那一块,取消注释并将它改成:

     <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    keystoreFile="bin/.keystore" keystorePass="123123"
    clientAuth="false" sslProtocol="TLS"/>
    

    请注意,这里我已经将tomcat的端口改成了80,相应的,https的端口我也改成了443(即默认的https端口)。

    接下来重启tomcat,用https:// localhost/访问网站验证一下就行了。

      可选步奏:

    在tomcat的conf目录下的web.xml文件下配置以下内容则可以强制让整个项目使用https访问,请根据需求配置。

    	<security-constraint> 
    		   <web-resource-collection > 
    				  <web-resource-name >SSL</web-resource-name> 
    				  <url-pattern>/*</url-pattern> 
    		   </web-resource-collection>
    								 
    		   <user-data-constraint> 
    				  <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
    		   </user-data-constraint> 
    	</security-constraint>
    

    3 创建项目访问

    注意:从https下的链接跳转到http的连接会造成session丢失,原因在于tomcat会给不同协议的请求创建不同的cookie

    ,并生成不同的sessionid,所以造成与服务端的session索引失败而无法获取session数据。

    解决方法:可以编写一个过滤器,对所有的请求做处理,如果session是新的https session,则创建一个JSESSIONID cookie,

    并设置到Servlet Response中,这样就突破了tomcat的限制,把https下的session传递到http协议下

    3.1 建立Wrapper类,用于处理所有的Serverlet Request:

    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletRequestWrapper;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;
    
    //处理所有的Serverlet Request
    public class MyRequestWrapper extends HttpServletRequestWrapper {
    
        private HttpServletResponse response = null;
    
        public MyRequestWrapper(HttpServletRequest request) {
            super(request);
        }
    
        public void setResponse(HttpServletResponse response) {
            this.response = response;
        }
    
        public HttpSession getSession() {
            HttpSession session = super.getSession();
            processSessionCookie(session);
            return session;
        }
    
        public HttpSession getSession(boolean create) {
            HttpSession session = super.getSession(create);
            processSessionCookie(session);
            return session;
        }
    
        /**
         * 当从https重定向到http时,tomcat会创建一个新的sessionid,所以造成session跟踪不到,
         * 这里获取先从cookie中获取sessionid,保存到新的cookie
         * @param session
         */
        private void processSessionCookie(HttpSession session) {
            if (null == response || null == session) {
                // No response or session object attached, skip the pre processing
                return;
            }
    
            // cookieOverWritten - 用于过滤多个Set-Cookie头的标志
            Object cookieOverWritten = getAttribute("COOKIE_OVERWRITTEN_FLAG");
            if (null == cookieOverWritten && isSecure() && isRequestedSessionIdFromCookie() && session.isNew()) {
                // 当是https协议,且新session时,创建JSESSIONID cookie以欺骗浏览器
                Cookie cookie = new Cookie("JSESSIONID", session.getId());
                cookie.setMaxAge(-1); // 有效时间为浏览器打开或超时
                String contextPath = getContextPath();
                if ((contextPath != null) && (contextPath.length() > 0)) {
                    cookie.setPath(contextPath);
                } else {
                    cookie.setPath("/");
                }
                response.addCookie(cookie); // 增加一个Set-Cookie头到response
                setAttribute("COOKIE_OVERWRITTEN_FLAG", "true");// 过滤多个Set-Cookie头的标志
            }
        }
    }

    3.2 再把上述Wrapper类与Filter建立关联:

    import java.io.IOException;
    
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    
    public class HttpsFilter implements Filter {
    
        @Override
        public void destroy() {
            // TODO Auto-generated method stub
    
        }
    
        @Override
        public void doFilter(ServletRequest req, ServletResponse resp,
                FilterChain chain) throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest)req;
            HttpServletResponse response =  (HttpServletResponse)resp;
            
            MyRequestWrapper myrequest = new MyRequestWrapper(request);
            myrequest.setResponse(response);
            chain.doFilter(myrequest, response);
        }
    
        @Override
        public void init(FilterConfig arg0) throws ServletException {
            // TODO Auto-generated method stub
    
        }
    
    }

    3.3 控制层执行代码

    import java.io.IOException;
    import java.util.UUID;
    
    import javax.servlet.ServletException;
    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    
    import entity.User;
    
    public class AdminServlet extends HttpServlet {
    
    
        /**
         * 
         */
        private static final long serialVersionUID = 7179221326322012461L;
        
        public void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            String action = request.getParameter("action");
            if("login".equals(action)){
                login(request,response);
            } else if("index".equals(action)){
                index(request, response);
            } else if("httplink".equals(action)){
                httplink(request,response);
            } else if("tohttps".equals(action)){
                tohttps(request,response);
            } else if("httpslink".equals(action)){
                httpslink(request,response);
            } else if("tohttp".equals(action)){
                tohttp(request,response);
            } 
        }
    
    
        public void login(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException{
    
            /*Cookie cookie = new Cookie("JSESSIONID", request.getSession().getId());  
            response.addCookie(cookie); //
    */        response.setContentType("text/html;charset=utf-8");
            String username = request.getParameter("username");
            String password = request.getParameter("password");
            User user = new User();
            user.setId(UUID.randomUUID().toString().replaceAll("-", ""));
            user.setUserName(username);
            user.setPassword(password);
            request.getSession().setAttribute("user", user);
            System.out.println(request.getRequestURI());
            System.out.println(request.getRequestURL());
            System.out.println(request.getContextPath());
            System.out.println(request.getLocalName());
            System.out.println(request.getLocalPort());
            //重定向到http
            response.sendRedirect("http://"+request.getServerName()+":"+"80"+request.getContextPath()+"/admin?action=index");
        }
    
        public void index(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException{
            request.getRequestDispatcher("/WEB-INF/page/index.jsp").forward(request, response);
            System.out.println("主页的sessionid:"+request.getSession(false).getId());
            Cookie[] cookies = request.getCookies();
            for (Cookie c : cookies) {
                if (c.getName().equalsIgnoreCase("JSESSIONID")) {
                    System.out.println("cookie中的sessionid:"+c.getValue());
                }
            }
        }
        
        public void httpslink(HttpServletRequest request,HttpServletResponse response) throws IOException{
            response.sendRedirect("https://"+request.getServerName()+request.getContextPath()+"/admin?action=tohttps");
        }
         public void tohttps(HttpServletRequest request,HttpServletResponse response) throws IOException, ServletException{
             request.getRequestDispatcher("/WEB-INF/page/https.jsp").forward(request, response);
             System.out.println("https页面的sessionid:"+request.getSession(false).getId());
                Cookie[] cookies = request.getCookies();
                for (Cookie c : cookies) {
                    if (c.getName().equalsIgnoreCase("JSESSIONID")) {
                        System.out.println("cookie中的sessionid:"+c.getValue());
                    }
                }
         }
         
        public void httplink(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException{
            response.sendRedirect("http://"+request.getServerName()+":"+"80"+request.getContextPath()+"/admin?action=tohttp");
        }
         public void tohttp(HttpServletRequest request,HttpServletResponse response) throws IOException, ServletException{
             request.getRequestDispatcher("/WEB-INF/page/index.jsp").forward(request, response);
             System.out.println("http页面的sessionid:"+request.getSession(false).getId());
            Cookie[] cookies = request.getCookies();
            for (Cookie c : cookies) {
                if (c.getName().equalsIgnoreCase("JSESSIONID")) {
                    System.out.println("cookie中的sessionid:"+c.getValue());
                }
            }
         }
         
         
        public void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
    
            doGet(request, response);
        }
    
    }

    3.4 页面代码

    login.jsp

      <body>
      <form action="${pageContext.request.contextPath}/admin?action=login" method="post">
            账号:<input id="username"  name="username" type="text" ><br/>
            密码:<input id="password"  name="password" type="text" ><br/>
        <input id="btn" type="submit" value="登录">
      </form>
        
        
        <script type="text/javascript">
            //强制让页面发送https请求
            var targetProtocol = "https:";
            if (window.location.protocol != targetProtocol)
                window.location.href = targetProtocol + window.location.href.substring(window.location.protocol.length);
        </script>
      </body>

    index.jsp

      <body>
        <table>
            <tr>
                <th>id:</th>
                <th>账号:</th>
                <th>密码:</th>
            </tr>              
            <tr>
                <td>${sessionScope.user.id}</td>
                <td>${sessionScope.user.userName}</td>
                <td>${sessionScope.user.password}</td>
            </tr>
        </table>
        <a href="${pageContext.request.contextPath}/admin?action=httpslink" >跳转到https</a>
      </body>

    https.jsp

    <body>
        <table>
            <tr>
                <th>id:</th>
                <th>账号:</th>
                <th>密码:</th>
            </tr>              
            <tr>
                <td>${sessionScope.user.id}</td>
                <td>${sessionScope.user.userName}</td>
                <td>${sessionScope.user.password}</td>
            </tr>
        </table>
        <a  href="${pageContext.request.contextPath}/admin?action=httplink" >跳转到http</a>
    
      </body>
  • 相关阅读:
    自动化测试常用断言的使用方法
    python接口自动化-有token的接口项目使用unittest框架设计
    postman
    HTML5基础
    HTML基础
    Web常见产品问题及预防
    JSON语法详解
    HTTP协议详解
    接口理论详解
    设计模式之装饰者模式
  • 原文地址:https://www.cnblogs.com/chreless2/p/5151795.html
Copyright © 2011-2022 走看看