一 https和ssL

HTTPS(全称:Hyper Text Transfer Protocol over Secure Socket Layer),是以安全为目标的HTTP通道,简单讲是HTTP的安全版。即HTTP下加入SSL层,HTTPS的安全基础是SSL,因此加密的详细内容就需要SSL。 它是一个URI scheme(抽象标识符体系),句法类同http:体系。用于安全的HTTP数据传输。https:URL表明它使用了HTTP,但HTTPS存在不同于HTTP的默认端口及一个加密/身份验证层(在HTTP与TCP之间)。这个系统的最初研发由网景公司(Netscape)进行,并内置于其浏览器Netscape Navigator中,提供了身份验证与加密通讯方法。

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are technologies which allow web browsers and web servers to communicate over a secured connection. This means that the data being sent is encrypted by one side, transmitted, then decrypted by the other side before processing. This is a two-way process, meaning that both the server AND the browser encrypt all traffic before sending out data.

TLS(全称:Transport Layer Security), 它的前身是SSL(全称:Secure Sockets Layer)。是为网络通信提供安全及数据完整性的一种安全协议。TLS与SSL在传输层对网络连接进行加密。

Another important aspect of the SSL/TLS protocol is Authentication. This means that during your initial attempt to communicate with a web server over a secure connection, that server will present your web browser with a set of credentials, in the form of a "Certificate", as proof the site is who and what it claims to be. In certain cases, the server may also request a Certificate from your web browser, asking for proof that you are who you claim to be. This is known as "Client Authentication," although in practice this is used more for business-to-business (B2B) transactions than with individual users. Most SSL-enabled web servers do not request Client Authentication.

二 Tomcat创建https访问

详细官方文档:http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html

1. 生成keystore文件

注意生成的过程,后面会发现其实name是为了限定域名。

Windows:

"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA

  -keystore \path\to\my\keystore

Unix:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
  -keystore /path/to/my/keystore
 

2. 修改tomcat/conf/server.xml

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

<Connector

           protocol="org.apache.coyote.http11.Http11NioProtocol"

           port="8443" maxThreads="200"

           scheme="https" secure="true" SSLEnabled="true"

           keystoreFile="${user.home}/.keystore" keystorePass="changeit"

           clientAuth="false" sslProtocol="TLS"/>

注意keystore文件位置以及密码。

3.启动一个web项目

 Using CATALINA_BASE:   "C:\Users\miaorf\.IntelliJIdea2016.1\system\tomcat\Unnamed_spmvtest"

 Using CATALINA_HOME:   "D:\Java\apache-tomcat-8.0.33"

 Using CATALINA_TMPDIR: "D:\Java\apache-tomcat-8.0.33\temp"

 Using JRE_HOME:        "D:\Java\jdk1.8.0_73"

 Using CLASSPATH:       "D:\Java\apache-tomcat-8.0.33\bin\bootstrap.jar;D:\Java\apache-tomcat-8.0.33\bin\tomcat-juli.jar"

 Connected to the target VM, address: '127.0.0.1:6611', transport: 'socket'

 09-Jun-2016 17:58:58.412 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/8.0.33

 09-Jun-2016 17:58:58.416 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Mar 18 2016 20:31:49 UTC

 09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number:         8.0.33.0

 09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Windows 10

 09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            10.0

 09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64

 09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             D:\Java\jdk1.8.0_73\jre

 09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_73-b02

 09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Oracle Corporation

 09-Jun-2016 17:58:58.418 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         C:\Users\miaorf\.IntelliJIdea2016.1\system\tomcat\Unnamed_spmvtest

 09-Jun-2016 17:58:58.419 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         D:\Java\apache-tomcat-8.0.33

 09-Jun-2016 17:58:58.420 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:6611,suspend=y,server=n

 09-Jun-2016 17:58:58.420 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcom.sun.management.jmxremote=

 09-Jun-2016 17:58:58.420 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcom.sun.management.jmxremote.port=1099

 09-Jun-2016 17:58:58.420 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcom.sun.management.jmxremote.ssl=false

 09-Jun-2016 17:58:58.421 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcom.sun.management.jmxremote.authenticate=false

 09-Jun-2016 17:58:58.421 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.rmi.server.hostname=127.0.0.1

 09-Jun-2016 17:58:58.421 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=C:\Users\miaorf\.IntelliJIdea2016.1\system\tomcat\Unnamed_spmvtest\conf\logging.properties

 09-Jun-2016 17:58:58.422 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager

 09-Jun-2016 17:58:58.422 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.endorsed.dirs=D:\Java\apache-tomcat-8.0.33\endorsed

 09-Jun-2016 17:58:58.422 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=C:\Users\miaorf\.IntelliJIdea2016.1\system\tomcat\Unnamed_spmvtest

 09-Jun-2016 17:58:58.422 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=D:\Java\apache-tomcat-8.0.33

 09-Jun-2016 17:58:58.423 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=D:\Java\apache-tomcat-8.0.33\temp

 09-Jun-2016 17:58:58.423 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: D:\Java\jdk1.8.0_73\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;;D:\Java\jdk1.8.0_73\bin;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\MySQL\MySQL Server 5.6\bin;C:\Program Files\Redis\;D:\Java\gradle-2.12\bin;C:\Program Files (x86)\Calibre2\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\;D:\workspace\springboot\spring-1.4.0.BUILD-SNAPSHOT\bin;D:\Java\apache-maven-3.3.9\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;D:\data\sqlite;.

 09-Jun-2016 17:58:58.691 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]

 09-Jun-2016 17:58:58.771 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read

 09-Jun-2016 17:58:58.777 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8443"]

 09-Jun-2016 17:58:59.120 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read

 09-Jun-2016 17:58:59.121 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]

 09-Jun-2016 17:58:59.124 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read

 09-Jun-2016 17:58:59.125 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1454 ms

 09-Jun-2016 17:58:59.186 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service Catalina

 09-Jun-2016 17:58:59.187 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.0.33

 09-Jun-2016 17:58:59.202 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]

 09-Jun-2016 17:58:59.218 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8443"]

 09-Jun-2016 17:58:59.222 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]

 09-Jun-2016 17:58:59.226 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 99 ms

4.测试访问

三 java请求https

采用httpclient4.3+

ssl需要制定证书,这里首先忽略证书访问:

public static HttpClient getClient(boolean isSSL) {
    if (isSSL) {
        try {
            SSLContext sslContext = new SSLContextBuilder()
                    .loadTrustMaterial(new TrustSelfSignedStrategy()).build();
            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                    sslContext);
            return HttpClients.custom().setSSLSocketFactory(sslsf).build();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        }
    }

    return httpclient;
}

Test:

显然,最初设置证书的时候的名字就是域名,于是需要重置证书后重启项目:

结果正常:

提供keystore:

@Test

    public void testHttpsWithCertification() throws Exception{

        // Trust own CA and all self-signed certs

        SSLContext sslcontext = SSLContexts.custom()

                .loadTrustMaterial(new File("my.keystore"), "123456".toCharArray(),

                        new TrustSelfSignedStrategy())

                .build();

        // Allow TLSv1 protocol only

        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(

                sslcontext,

                new String[] { "TLSv1" },

                null,

                SSLConnectionSocketFactory.getDefaultHostnameVerifier());

        CloseableHttpClient httpclient = HttpClients.custom()

                .setSSLSocketFactory(sslsf)

                .build();

        try {

            HttpGet httpget = new HttpGet("https://localhost:8443/hello/list");

            System.out.println("Executing request " + httpget.getRequestLine());

            CloseableHttpResponse response = httpclient.execute(httpget);

            try {

                HttpEntity entity = response.getEntity();

                System.out.println("----------------------------------------");

                System.out.println(response.getStatusLine());

                System.out.println(EntityUtils.toString(entity));

            } finally {

                response.close();

            }

        } finally {

            httpclient.close();

        }

    }
 

Tomcat创建HTTPS访问,java访问https的更多相关文章

  1. Spring boot 配置https 实现java通过https接口访问

    近来公司需要搭建一个https的服务器来调试接口(服务器用的spring boot框架),刚开始接触就是一顿百度,最后发现互联网认可的https安全链接的证书需要去CA认证机构申请,由于是调试阶段就采 ...

  2. IDEA与Tomcat创建并运行Java Web项目及servlet的简单实现

    创建Web项目 1. File -> New Project ,进入创建项目窗口 2.在 WEB-INF 目录下点击右键, New -> Directory ,创建  classes 和  ...

  3. Java访问HTTPS时证书验证问题

    为了尽可能避免安全问题,公司的很多系统服务都逐步https化,虽然开始过程会遇到各种问题,但趋势不改.最完美的https应用是能实现双向认证,客户端用私钥签名用服务端公钥加密,服务端用私钥签名客户端都 ...

  4. Https、OpenSSL自建CA证书及签发证书、nginx单向认证、双向认证及使用Java访问

    0.环境 本文的相关源码位于 https://github.com/dreamingodd/CA-generation-demo 必须安装nginx,必须安装openssl,(用apt-get upd ...

  5. 使用poco 的NetSSL_OpenSSL 搭建https 服务端,使用C++客户端,java 客户端访问,python访问(python还没找到带证书访问的代码.)

    V20161028 由于项目原因,需要用到https去做一些事情. 这儿做了一些相应的研究. 这个https 用起来也是折腾人,还是研究了一周多+之前的一些积累. 目录 1,java client 通 ...

  6. HTTP 403 ,tomcat配置HTTPS,无法访问 返回状态码HTTP 403

    为了将本机(windows系统)启动的应用以HTTPS的形式访问, 利用Keytool 生成证书之后.在tomcat的server.xml中将配置修改为如下: <Connector port=& ...

  7. 如何使用Java访问双向认证的Https资源

    本文的相关源码位于 https://github.com/dreamingodd/CA-generation-demo 0.Nginx配置Https双向认证 首先配置Https双向认证的服务器资源. ...

  8. Tomcat应用访问SSL或https失败的解决办法

    一,首先,解决unable to find valid certification path to requested target的问题. 其实就是要生成证书, 让tomcat读取证书 import ...

  9. java ssl https 连接详解 生成证书 tomcat keystone

    java ssl https 连接详解 生成证书 我们先来了解一下什么理HTTPS 1. HTTPS概念 1)简介 HTTPS(全称:Hypertext Transfer Protocol over ...

随机推荐

  1. EL表达式判断

    今天在做开发时遇到个小问题,就百度一番很快找到答案.这里记一下免得以后到处找... 在项目中显示项目名称时因为名字太长所以影响我的样式问题. 解决办法就是将固定长度之后的用"..." ...

  2. (转载)开始iOS 7中自动布局教程(一)

    这篇教程的前半部分被翻译出来很久了,我也是通过这个教程学会的IOS自动布局.但是后半部分(即本篇)一直未有翻译,正好最近跳坑翻译,就寻来这篇教程,进行翻译.前半部分已经转载至本博客,后半部分即本篇.学 ...

  3. Silverlight 使用DataContractJsonSerializer序列化与反序列化 Json

    环境说明:Silverlight 5.1,.Net Framework  ​4.0 1.添加引用System.ServiceModel.Web.dll. 因为 System.Runtime.Seria ...

  4. Microsoft开源跨平台的序列化库——Bond

    上个月Microsoft开源了Bond,一个跨平台的模式化数据处理框架.Bond支持跨语言的序列化/反序列化,支持强大的泛型机制能够对数据进行有效地处理.该框架在Microsoft公司内部的高扩展服务 ...

  5. Mono 3.2 上跑NUnit测试

    NUnit是一款堪与JUnit齐名的开源的回归测试框架,供.net开发人员做单元测试之用,可以从www.nunit.org网站上免费获得,最新版本是2.5.Mono 3.2 源码安装的,在/usr/b ...

  6. 玩转JavaScript OOP[3]——彻底理解继承和原型链

    概述 上一篇我们介绍了通过构造函数和原型可以实现JavaScript中的“类”,由于构造函数和函数的原型都是对象,所以JavaScript的“类”本质上也是对象.这一篇我们将介绍JavaScript中 ...

  7. C#+OpenGL+FreeType显示3D文字(1) - 从TTF文件导出字形贴图

    C#+OpenGL+FreeType显示3D文字(1) - 从TTF文件导出字形贴图 +BIT祝威+悄悄在此留下版了个权的信息说: 最近需要用OpenGL绘制文字,这是个很费时费力的事.一般的思路就是 ...

  8. Tomcat7基于Redis的Session共享实战二

    目前,为了使web能适应大规模的访问,需要实现应用的集群部署.集群最有效的方案就是负载均衡,而实现负载均衡用户每一个请求都有可能被分配到不固定的服务器上,这样我们首先要解决session的统一来保证无 ...

  9. C#并行编程系列-文章导航

    菜鸟初步学习,不对的地方请大神指教,参考<C#并行编程高级教程.pdf> 目录 C#并行编程-相关概念 C#并行编程-Parallel C#并行编程-Task C#并行编程-并发集合 C# ...

  10. iOS 数据库的增删改查(OC版)

    自己写了几个方法来实现数据的增删改查功能: 首先在TARGETS--->>Build phases里面添加数据库所关联的库文件libsqlite3.tbd 添加完以后,在控制器上添加 #i ...