Tomcat创建HTTPS访问,java访问https
一 https和ssL
HTTPS(全称:Hyper Text Transfer Protocol over Secure Socket Layer),是以安全为目标的HTTP通道,简单讲是HTTP的安全版。即HTTP下加入SSL层,HTTPS的安全基础是SSL,因此加密的详细内容就需要SSL。 它是一个URI scheme(抽象标识符体系),句法类同http:体系。用于安全的HTTP数据传输。https:URL表明它使用了HTTP,但HTTPS存在不同于HTTP的默认端口及一个加密/身份验证层(在HTTP与TCP之间)。这个系统的最初研发由网景公司(Netscape)进行,并内置于其浏览器Netscape Navigator中,提供了身份验证与加密通讯方法。
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are technologies which allow web browsers and web servers to communicate over a secured connection. This means that the data being sent is encrypted by one side, transmitted, then decrypted by the other side before processing. This is a two-way process, meaning that both the server AND the browser encrypt all traffic before sending out data.
TLS(全称:Transport Layer Security), 它的前身是SSL(全称:Secure Sockets Layer)。是为网络通信提供安全及数据完整性的一种安全协议。TLS与SSL在传输层对网络连接进行加密。
Another important aspect of the SSL/TLS protocol is Authentication. This means that during your initial attempt to communicate with a web server over a secure connection, that server will present your web browser with a set of credentials, in the form of a "Certificate", as proof the site is who and what it claims to be. In certain cases, the server may also request a Certificate from your web browser, asking for proof that you are who you claim to be. This is known as "Client Authentication," although in practice this is used more for business-to-business (B2B) transactions than with individual users. Most SSL-enabled web servers do not request Client Authentication.
二 Tomcat创建https访问
详细官方文档:http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html
1. 生成keystore文件
注意生成的过程,后面会发现其实name是为了限定域名。
Windows:
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA
-keystore \path\to\my\keystoreUnix:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
-keystore /path/to/my/keystore
2. 修改tomcat/conf/server.xml
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
注意keystore文件位置以及密码。
3.启动一个web项目
Using CATALINA_BASE: "C:\Users\miaorf\.IntelliJIdea2016.1\system\tomcat\Unnamed_spmvtest"
Using CATALINA_HOME: "D:\Java\apache-tomcat-8.0.33"
Using CATALINA_TMPDIR: "D:\Java\apache-tomcat-8.0.33\temp"
Using JRE_HOME: "D:\Java\jdk1.8.0_73"
Using CLASSPATH: "D:\Java\apache-tomcat-8.0.33\bin\bootstrap.jar;D:\Java\apache-tomcat-8.0.33\bin\tomcat-juli.jar"
Connected to the target VM, address: '127.0.0.1:6611', transport: 'socket'
09-Jun-2016 17:58:58.412 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/8.0.33
09-Jun-2016 17:58:58.416 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Mar 18 2016 20:31:49 UTC
09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 8.0.33.0
09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Windows 10
09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 10.0
09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64
09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: D:\Java\jdk1.8.0_73\jre
09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_73-b02
09-Jun-2016 17:58:58.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation
09-Jun-2016 17:58:58.418 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: C:\Users\miaorf\.IntelliJIdea2016.1\system\tomcat\Unnamed_spmvtest
09-Jun-2016 17:58:58.419 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: D:\Java\apache-tomcat-8.0.33
09-Jun-2016 17:58:58.420 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:6611,suspend=y,server=n
09-Jun-2016 17:58:58.420 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcom.sun.management.jmxremote=
09-Jun-2016 17:58:58.420 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcom.sun.management.jmxremote.port=1099
09-Jun-2016 17:58:58.420 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcom.sun.management.jmxremote.ssl=false
09-Jun-2016 17:58:58.421 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcom.sun.management.jmxremote.authenticate=false
09-Jun-2016 17:58:58.421 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.rmi.server.hostname=127.0.0.1
09-Jun-2016 17:58:58.421 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=C:\Users\miaorf\.IntelliJIdea2016.1\system\tomcat\Unnamed_spmvtest\conf\logging.properties
09-Jun-2016 17:58:58.422 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
09-Jun-2016 17:58:58.422 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.endorsed.dirs=D:\Java\apache-tomcat-8.0.33\endorsed
09-Jun-2016 17:58:58.422 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=C:\Users\miaorf\.IntelliJIdea2016.1\system\tomcat\Unnamed_spmvtest
09-Jun-2016 17:58:58.422 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=D:\Java\apache-tomcat-8.0.33
09-Jun-2016 17:58:58.423 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=D:\Java\apache-tomcat-8.0.33\temp
09-Jun-2016 17:58:58.423 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: D:\Java\jdk1.8.0_73\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;;D:\Java\jdk1.8.0_73\bin;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\MySQL\MySQL Server 5.6\bin;C:\Program Files\Redis\;D:\Java\gradle-2.12\bin;C:\Program Files (x86)\Calibre2\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\;D:\workspace\springboot\spring-1.4.0.BUILD-SNAPSHOT\bin;D:\Java\apache-maven-3.3.9\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;D:\data\sqlite;.
09-Jun-2016 17:58:58.691 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
09-Jun-2016 17:58:58.771 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
09-Jun-2016 17:58:58.777 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8443"]
09-Jun-2016 17:58:59.120 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
09-Jun-2016 17:58:59.121 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
09-Jun-2016 17:58:59.124 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
09-Jun-2016 17:58:59.125 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1454 ms
09-Jun-2016 17:58:59.186 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service Catalina
09-Jun-2016 17:58:59.187 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.0.33
09-Jun-2016 17:58:59.202 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
09-Jun-2016 17:58:59.218 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8443"]
09-Jun-2016 17:58:59.222 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
09-Jun-2016 17:58:59.226 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 99 ms
4.测试访问
三 java请求https
采用httpclient4.3+
ssl需要制定证书,这里首先忽略证书访问:
public static HttpClient getClient(boolean isSSL) {
if (isSSL) {
try {
SSLContext sslContext = new SSLContextBuilder()
.loadTrustMaterial(new TrustSelfSignedStrategy()).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslContext);
return HttpClients.custom().setSSLSocketFactory(sslsf).build();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
}
}
return httpclient;
}
Test:
显然,最初设置证书的时候的名字就是域名,于是需要重置证书后重启项目:
结果正常:
提供keystore:
@Test
public void testHttpsWithCertification() throws Exception{
// Trust own CA and all self-signed certs
SSLContext sslcontext = SSLContexts.custom()
.loadTrustMaterial(new File("my.keystore"), "123456".toCharArray(),
new TrustSelfSignedStrategy())
.build(); // Allow TLSv1 protocol only
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext,
new String[] { "TLSv1" },
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(sslsf)
.build();
try { HttpGet httpget = new HttpGet("https://localhost:8443/hello/list"); System.out.println("Executing request " + httpget.getRequestLine()); CloseableHttpResponse response = httpclient.execute(httpget);
try {
HttpEntity entity = response.getEntity(); System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
System.out.println(EntityUtils.toString(entity));
} finally {
response.close();
}
} finally {
httpclient.close();
}
}
Tomcat创建HTTPS访问,java访问https的更多相关文章
- Spring boot 配置https 实现java通过https接口访问
近来公司需要搭建一个https的服务器来调试接口(服务器用的spring boot框架),刚开始接触就是一顿百度,最后发现互联网认可的https安全链接的证书需要去CA认证机构申请,由于是调试阶段就采 ...
- IDEA与Tomcat创建并运行Java Web项目及servlet的简单实现
创建Web项目 1. File -> New Project ,进入创建项目窗口 2.在 WEB-INF 目录下点击右键, New -> Directory ,创建 classes 和 ...
- Java访问HTTPS时证书验证问题
为了尽可能避免安全问题,公司的很多系统服务都逐步https化,虽然开始过程会遇到各种问题,但趋势不改.最完美的https应用是能实现双向认证,客户端用私钥签名用服务端公钥加密,服务端用私钥签名客户端都 ...
- Https、OpenSSL自建CA证书及签发证书、nginx单向认证、双向认证及使用Java访问
0.环境 本文的相关源码位于 https://github.com/dreamingodd/CA-generation-demo 必须安装nginx,必须安装openssl,(用apt-get upd ...
- 使用poco 的NetSSL_OpenSSL 搭建https 服务端,使用C++客户端,java 客户端访问,python访问(python还没找到带证书访问的代码.)
V20161028 由于项目原因,需要用到https去做一些事情. 这儿做了一些相应的研究. 这个https 用起来也是折腾人,还是研究了一周多+之前的一些积累. 目录 1,java client 通 ...
- HTTP 403 ,tomcat配置HTTPS,无法访问 返回状态码HTTP 403
为了将本机(windows系统)启动的应用以HTTPS的形式访问, 利用Keytool 生成证书之后.在tomcat的server.xml中将配置修改为如下: <Connector port=& ...
- 如何使用Java访问双向认证的Https资源
本文的相关源码位于 https://github.com/dreamingodd/CA-generation-demo 0.Nginx配置Https双向认证 首先配置Https双向认证的服务器资源. ...
- Tomcat应用访问SSL或https失败的解决办法
一,首先,解决unable to find valid certification path to requested target的问题. 其实就是要生成证书, 让tomcat读取证书 import ...
- java ssl https 连接详解 生成证书 tomcat keystone
java ssl https 连接详解 生成证书 我们先来了解一下什么理HTTPS 1. HTTPS概念 1)简介 HTTPS(全称:Hypertext Transfer Protocol over ...
随机推荐
- Mysql的用户名密码设置方法
方法如下: 1, 关闭mysql服务 /etc/init.d/mysqld stop 2,使用 –skip-grant-tables选项启动mysql服务,可以修 改/etc/inin.d/mysql ...
- 使用nmap工具查询局域网某个网段正在使用的ip地址
linux下nmap工具可扫描局域网正在使用的ip地址 查询局域网某网段正在使用的ip地址: nmap -sP .* 以上命令,将打印10.10.70.*/24网络所有正在使用的ip地址
- 安装jdk
检查已安装jdk,如果有,先删除 rpm -qa|grep java rpm -e --nodeps filename 从oracle官方网站下载jdk安装包:jdk-8u111-linux-x64. ...
- 简化 Web 应用程序与 Windows Azure Active Directory、ASP.NET 和 Visual Studio 的集成
大家好! 今天的博文深入讨论我们今天推出的开发人员工具和框架中的一些新功能.我们通过与 ASP.NET 和 Visual Studio 团队合作开发了一些重大的增强功能,让开发人员能够轻松使用 Win ...
- Logging with NLog
相比较log4net, 我更喜欢NLog, 因为NLog 更简单, 而且配置选项也更加的清楚,可能是因为log4net 是从log4j 移植过来的一个原因吧,总感觉有很多的java 成分在. 要使用N ...
- UI控件(UIToolbar)
@implementation ViewController - (void)viewDidLoad { [super viewDidLoad]; _toolbar = [[UIToolbar all ...
- 剑指Offer面试题:19.包含Min函数的栈
一.题目:包含Min函数的栈 题目:定义栈的数据结构,请在该类型中实现一个能够得到栈的最小元素的min函数.在该栈中,调用min.push及pop的时间复杂度都是O(1). 这里我们要实现的就是min ...
- C# 6.0 功能预览 (二)
在Language Feature Status上面看到,其实更新的并不是特别多,为了不会误导看了C# 6.0 功能预览 (一)的园友,现在把官方的更新列表拿了过来,供大家参考 Roslyn 编译平台 ...
- delegate、notification、KVO场景差别
delegate: 编译器会给出没有实现代理方法的警告 一对一 使用weak而不是assign,或者vc消失时置为nil 可以传递参数,还可以接收返回值 notification: 编译期无法排错 一 ...
- ASP.NET MVC 5 - 验证编辑方法(Edit method)和编辑视图(Edit view)
在本节中,您将验证电影控制器生成的编辑方法(Edit action methods)和视图.但是首先将修改点代码,使得发布日期属性(ReleaseDate)看上去更好.打开Models \ Movie ...