The only way to get https going is to write the appropriate connector on the server.xml
file under the <service>
tag. Once you setup the connector you can access all applications in the server with http or https. The only difference is what connector gets used. Typically the connectors for http and https look like these:
<Connector port="80" protocol="HTTP/1.1"
maxThreads="150" connectionTimeout="20000"
redirectPort="443"
URIEncoding="UTF-8" compression="on"/>
<Connector port="443" protocol="HTTP/1.1"
maxThreads="150" connectionTimeout="20000"
SSLEnabled="true" scheme="https" secure="true"
keystoreFile="conf/.keystore"
keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"
URIEncoding="UTF-8" compression="on"/>
You can then force your application to always use https by adding the transport-guarantee
tag to web.xml
which ends up something like this:
<security-constraint>
<web-resource-collection>
<web-resource-name>Administrators</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Administrators</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
You can change the transport-guarantee
for the different web resources you define. Thus allowing you to protect certain parts of the site and not others.
At the very end having the connector in server.xml
does not force you yo use https for all applications. It only allows the use of the https connector.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…