How do you start a java servlet over https?

2019-03-16 23:45发布

站内问答 / Java
1530 3 5

I am trying to run a servlet on tomcat in eclipse. When i do run on server, the servlet runs and provides me with a link like follows:

"http://localhost:8443/AuthServer/Server"

I have configured my Tomcat server for SSL as follows:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Users\owner\.keystore" keystorePass="sheetalkshirsagar">

When I run the servlet on server it still uses http. I want my link to the servlet to be "https://..." instead of "http://..". How do you do that?

3条回答
聊天终结者
2楼-- · 2019-03-17 00:19

If I understand your problem correctly, you are publishing a URL for http from a web page served by your servlet.
If you need to change the request to be https instead you should redirect your plain http connector (in port 80 or 8080 where you have it) to connector for port 443.
If you google tomcat redirect http to https you wil find plenty of links e.g. redirect tomcat to https

But I would recomend that you did not redirect if you are interested in real security

查看更多
0人赞 添加讨论(0) 举报
聊天终结者
3楼-- · 2019-03-17 00:23

If you want to be sure to use the https protocol when you send request to that servlet you need to change the WEB-INF/web.xml file in your web application. In your case add this configuration params:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>AuthServer</web-resource-name>
        <url-pattern>/Server</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
查看更多
0人赞 添加讨论(0) 举报
不美不萌又怎样
4楼-- · 2019-03-17 00:30

In TOMCAT_HOME/conf folder, there’s a file named web.xml. In there, you have to add a security-constraint element.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>secured page</web-resource-name>
        <url-pattern>/...</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Make sure that <url-pattern> matches your path that you want to be secured.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)