Tomcat/Spring SSL 配置
我正在尝试配置我的 Spring 应用程序以使用我从 CA 购买的 SSL 证书。我按照 Tomcat 6.0 配置 的说明进行操作,并导入了将密钥插入我的 Tomcat 密钥库并取消注释 server.xml 中的 SSL 连接器。当我启动 Tomcat 时,我在 Tomcat 日志中看到连接器在端口 8443 上启动,但是当我转到 https://example. com:8443 或 http://example.com:8443 或 https://example.com (没有空格 - 我没有发布链接的声誉),它会超时。我还需要进行哪些其他配置才能为我的 Spring 应用程序启用 SSL。我必须更改应用程序配置吗?
我还想只拥有一些通过 SSL 的 URL(登录、编辑个人资料等)。我怎样才能在 Spring 配置中允许这种情况?如果我必须通过 SSL 访问所有 URL,那也可以,但不可取。我还没有找到任何针对 Spring 的教程。
I'm trying to configure my Spring application to use an SSL certificate I purchased from a CA. I followed the directions for the Tomcat 6.0 configuration and have imported the key into my Tomcat keystore and uncommented the SSL connector in the server.xml. When I start Tomcat, I see the connector start on port 8443 in the Tomcat logs, but when I go to https://example.com:8443 or http: //example.com:8443 or https: //example.com (without the spaces - I don't have the reputation to post links), it times out. What other configuration do I need to do to enable SSL for my Spring application. Do I have to change the application configuration?
I'd also like to only have some URLs over SSL (login, edit profile, etc.). How can I allow this in the Spring configuration? If I have to have all URLs accessible over SSL, that would be ok, but not desirable. I haven't found any tutorials that are Spring specific.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您需要做的是编辑
server.xml文件以启用 ssl。这是 Tomcat 的指南,请查看:http://tomcat.apache。 org/tomcat-6.0-doc/ssl-howto.html
为了以编程方式了解请求是否通过端口 80 或 443 到达,您需要检查返回的值
request.isSecure()。为了完全保护 URL,我建议使用过滤器。
我不记得 Spring 是如何处理所有这些的,但我认为获取请求对象不会有任何问题。
希望有帮助。
What you'll need to do is to edit your
server.xmlfile to enable ssl. Here's Tomcat's guide, please check it out:http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
In order to programmatically know if a request has arrived through port 80 or 443, you need to inspect the value returned by
request.isSecure().To secure URLs altogether, I'd recommend using a Filter.
I don't remember how all of this is handled by Spring, but I don't think you'll have any problems to obtain the request object.
Hope that helps.
在按照 @mschonaker 引用的文档配置 Tomcat 后,最简单的事情就是在 j_security_check 中定义操作并编辑配置文件表单等,指定 https: 协议,例如在 Facelet 中, https://#{request.serverName}:8443#{request.contextPath}/j_security_check。然后,当用户点击登录按钮时,表单将通过 HTTPS 进行 POST,因此它们是安全的。
这会让您在会话的其余部分中处于 HTTPS 状态:要返回 HTTP 但仍保留在同一会话中,只需提供指向完全指定的 HTTP url 的链接,例如在 Facelet 中,http://#{request.serverName}:8443#{request.contextPath}/一些链接。
如果您希望在读取时保护其他页面,请在 web.xml 中为它们定义适当的安全约束、用户数据约束和传输保证机密元素。
After you've configured Tomcat as per the document cited by @mschonaker, he simplest thing is to define the action in the j_security_check and edit profile forms, etc, specify the https: protocol, e.g. in a Facelet, https://#{request.serverName}:8443#{request.contextPath}/j_security_check. Then when the user hits the login button, the form POSTs via HTTPS, so they are secure.
This leaves you in HTTPS for the rest of the session: to get back to HTTP but still stay in the same session, just provide a link to a fully-specified HTTP url, e.g. in a Facelet, http://#{request.serverName}:8443#{request.contextPath}/some link.
If you have other pages you want secured when read, define appropriate security-constraint, user-data-constraint, and transport-guarantee CONFIDENTIAL elements for them in web.xml.
关于第二点,
我还想只拥有一些通过 SSL 的 URL(登录、编辑个人资料等)。 ???
您可以通过修改web.xml中的配置来确定它
希望对你有帮助
about the second point
I'd also like to only have some URLs over SSL (login, edit profile, etc.). ???
you could determine it by modify configration in web.xml
hope that help you