tomcat下生成https及httpClient调用https例子
2014-01-19 21:20
281 查看
/**
* 使用HttpClient模拟HTTPS访问
===================================================================================================================================
【配置Tomcat支持SSL(即让Tomcat下的Web应用处于SSL安全通道中)】
===================================================================================================================================
1、生成KeyStore
1)运行-->CMD-->"keytool -genkey -alias Jadyer_SSL_20120508 -keyalg RSA -validity 1024 -keystore D:\Jadyer_SSL_20120508.keystore"
参数说明----->-genkey 表示生成密钥
-alias 指定别名,这里是Jadyer_SSL_20120508
-keyalg 指定算法,这里是RSA
-validity 指定证书有效期,这里是1024天
-keystore 指定存储位置,这里是D:\\Jadyer_SSL_20120508.keystore
2)CMD输出----->输入keystore密码:hongyu75
再次输入新密码:hongyu75
您的名字与姓氏是什么?[Unknown]:127.0.0.1(这里要根据实际情况填写网站域名或者IP,否则会出现证书上的名称无效)
您的组织单位名称是什么?[Unknown]:http://blog.csdn.net/jadyer
您的组织名称是什么?[Unknown]:JavaLover_jadyer
您所在的城市或区域名称是什么?[Unknown]:BJ
您所在的州或省份名称是什么?[Unknown]:BJ_NanTian
该单位的两字母国家代码是什么[Unknown]:CN
CN=127.0.0.1, OU=http://blog.csdn.net/jadyer, O=JavaLover_jadyer, L=BJ, ST=BJ_NanTian, C=CN 正确吗?[否]:Y
输入<Jadyer_SSL_20120508>的主密码(如果和 keystore 密码相同,按回车):这里按回车键
(这里的主密码一定要与keystore密码相同,否则启动Tomcat时就会告诉你java.io.IOException: Cannot recover key)
3)接下来就会按照-keystore参数值在指定位置生成指定的KeyStore文件了
===================================================================================================================================
2、让Tomcat支持SSL
1)将生成的Jadyer_SSL_20120508.keystore拷贝到\\%TOMCAT_HOME%\\conf\\目录中(其它目录也可以)
2)修改\\%TOMCAT_HOME%\\conf\\server.xml文件(大约在85行的位置),新增内容如下
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
keystoreFile="conf/Jadyer_SSL_20120508.keystore" keystorePass="hongyu75"/>
3)这样,我们的Tomcat就支持HTTPS访问了(关于<Connector/>标签中的属性说明,参拜Google大神)
===================================================================================================================================
3、用浏览器访问我们的应用
1)输入https://127.0.0.1:8443/blog会发现你的应用已经处于SSL安全通道中了
此时,如果我们在浏览器里访问http://127.0.0.1:8443/blog会发现,竟然能访问
也就是说,我们虽然启用了HTTPS,但现在还可以绕开HTTPS直接访问HTTP还能,这样HTTPS也就起不到作用了
2)我们可以配置一下\\%TOMCAT_HOME%\\conf\\web.xml文件,使得HTTP的访问能够重定向到HTTPS的连接
修改位置大约为web.xml的1224行,即在</welcome-file-list>标签后面加入下面的内容,即可
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection>
<web-resource-name>SSL_App</web-resource-name>
<!-- 指明需要SSL的url -->
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<!-- 指明需要SSL -->
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.ParseException;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;
public class HttpClientUtil {
public static void main(String[] args)throws Exception{
//String requestUrl = "http://127.0.0.1:8088/test/web/userac";
String requestUrl = "https://127.0.0.1:8443/test/web/userac";
System.out.println(sendSSLRequest(requestUrl));
}
/**
* 发送HTTPS请求
* @param requestUrl 请求的地址
* @return 响应内容
*/
@SuppressWarnings("finally")
public static String sendSSLRequest(String requestUrl){
long responseLength = 0; //响应长度
String responseContent = null; //响应内容
HttpClient httpClient = new DefaultHttpClient(); //创建默认的httpClient实例
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream fis = new FileInputStream(new File("F:\\Tool\\IDE\\Jadyer_SSL_20120508.keystore"));
try {
trustStore.load(fis, "hongyu75".toCharArray()); //加载KeyStore
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} finally {
try {
fis.close();
} catch (IOException e) {
e.printStackTrace();
}
}
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore); //创建Socket工厂,将trustStore注入
Scheme sch = new Scheme("https", 8443, socketFactory); //创建Scheme
httpClient.getConnectionManager().getSchemeRegistry().register(sch); //注册Scheme
HttpGet httpGet = new HttpGet(requestUrl); //创建HttpGet
HttpResponse response = httpClient.execute(httpGet); //执行GET请求
HttpEntity entity = response.getEntity(); //获取响应实体
if (null != entity) {
responseLength = entity.getContentLength();
responseContent = EntityUtils.toString(entity, "UTF-8");
}
System.out.println("请求地址: " + httpGet.getURI());
System.out.println("响应状态: " + response.getStatusLine());
System.out.println("响应长度: " + responseLength);
System.out.println("响应内容: " + responseContent);
} catch (KeyManagementException e) {
e.printStackTrace();
} finally {
httpClient.getConnectionManager().shutdown(); //关闭连接,释放资源
return responseContent;
}
}
}
* 使用HttpClient模拟HTTPS访问
===================================================================================================================================
【配置Tomcat支持SSL(即让Tomcat下的Web应用处于SSL安全通道中)】
===================================================================================================================================
1、生成KeyStore
1)运行-->CMD-->"keytool -genkey -alias Jadyer_SSL_20120508 -keyalg RSA -validity 1024 -keystore D:\Jadyer_SSL_20120508.keystore"
参数说明----->-genkey 表示生成密钥
-alias 指定别名,这里是Jadyer_SSL_20120508
-keyalg 指定算法,这里是RSA
-validity 指定证书有效期,这里是1024天
-keystore 指定存储位置,这里是D:\\Jadyer_SSL_20120508.keystore
2)CMD输出----->输入keystore密码:hongyu75
再次输入新密码:hongyu75
您的名字与姓氏是什么?[Unknown]:127.0.0.1(这里要根据实际情况填写网站域名或者IP,否则会出现证书上的名称无效)
您的组织单位名称是什么?[Unknown]:http://blog.csdn.net/jadyer
您的组织名称是什么?[Unknown]:JavaLover_jadyer
您所在的城市或区域名称是什么?[Unknown]:BJ
您所在的州或省份名称是什么?[Unknown]:BJ_NanTian
该单位的两字母国家代码是什么[Unknown]:CN
CN=127.0.0.1, OU=http://blog.csdn.net/jadyer, O=JavaLover_jadyer, L=BJ, ST=BJ_NanTian, C=CN 正确吗?[否]:Y
输入<Jadyer_SSL_20120508>的主密码(如果和 keystore 密码相同,按回车):这里按回车键
(这里的主密码一定要与keystore密码相同,否则启动Tomcat时就会告诉你java.io.IOException: Cannot recover key)
3)接下来就会按照-keystore参数值在指定位置生成指定的KeyStore文件了
===================================================================================================================================
2、让Tomcat支持SSL
1)将生成的Jadyer_SSL_20120508.keystore拷贝到\\%TOMCAT_HOME%\\conf\\目录中(其它目录也可以)
2)修改\\%TOMCAT_HOME%\\conf\\server.xml文件(大约在85行的位置),新增内容如下
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
keystoreFile="conf/Jadyer_SSL_20120508.keystore" keystorePass="hongyu75"/>
3)这样,我们的Tomcat就支持HTTPS访问了(关于<Connector/>标签中的属性说明,参拜Google大神)
===================================================================================================================================
3、用浏览器访问我们的应用
1)输入https://127.0.0.1:8443/blog会发现你的应用已经处于SSL安全通道中了
此时,如果我们在浏览器里访问http://127.0.0.1:8443/blog会发现,竟然能访问
也就是说,我们虽然启用了HTTPS,但现在还可以绕开HTTPS直接访问HTTP还能,这样HTTPS也就起不到作用了
2)我们可以配置一下\\%TOMCAT_HOME%\\conf\\web.xml文件,使得HTTP的访问能够重定向到HTTPS的连接
修改位置大约为web.xml的1224行,即在</welcome-file-list>标签后面加入下面的内容,即可
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection>
<web-resource-name>SSL_App</web-resource-name>
<!-- 指明需要SSL的url -->
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<!-- 指明需要SSL -->
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.ParseException;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;
public class HttpClientUtil {
public static void main(String[] args)throws Exception{
//String requestUrl = "http://127.0.0.1:8088/test/web/userac";
String requestUrl = "https://127.0.0.1:8443/test/web/userac";
System.out.println(sendSSLRequest(requestUrl));
}
/**
* 发送HTTPS请求
* @param requestUrl 请求的地址
* @return 响应内容
*/
@SuppressWarnings("finally")
public static String sendSSLRequest(String requestUrl){
long responseLength = 0; //响应长度
String responseContent = null; //响应内容
HttpClient httpClient = new DefaultHttpClient(); //创建默认的httpClient实例
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream fis = new FileInputStream(new File("F:\\Tool\\IDE\\Jadyer_SSL_20120508.keystore"));
try {
trustStore.load(fis, "hongyu75".toCharArray()); //加载KeyStore
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} finally {
try {
fis.close();
} catch (IOException e) {
e.printStackTrace();
}
}
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore); //创建Socket工厂,将trustStore注入
Scheme sch = new Scheme("https", 8443, socketFactory); //创建Scheme
httpClient.getConnectionManager().getSchemeRegistry().register(sch); //注册Scheme
HttpGet httpGet = new HttpGet(requestUrl); //创建HttpGet
HttpResponse response = httpClient.execute(httpGet); //执行GET请求
HttpEntity entity = response.getEntity(); //获取响应实体
if (null != entity) {
responseLength = entity.getContentLength();
responseContent = EntityUtils.toString(entity, "UTF-8");
}
System.out.println("请求地址: " + httpGet.getURI());
System.out.println("响应状态: " + response.getStatusLine());
System.out.println("响应长度: " + responseLength);
System.out.println("响应内容: " + responseContent);
} catch (KeyManagementException e) {
e.printStackTrace();
} finally {
httpClient.getConnectionManager().shutdown(); //关闭连接,释放资源
return responseContent;
}
}
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- HttpClient跨项目(服务端)调用方法例子
- HttpClient详细实例,Httoclient调用https实例,避免https SSL认证
- CXF发布webService、tomcat用户验证、axis2(http/https)调用服务
- java 通过httpclient调用https 的webapi
- 在 IIS 6 和 IIS 7中配置Https,设置WCF同时支持HTTP和HTPPS,以及使用HttpWebRequest和HttpClient调用HttpS
- 通过4.4httpclient访问http和调用https
- HttpClient4.x调用指定证书访问https
- HTTPClient调用https请求,通过基本认证用户名密码(Basic Auth)
- httpclient 调用工具(同时支持 HTTP 和 HTTPS 协议)
- HttpClient中的client和server相互调用的两个例子
- httpclient调用https
- HttpClient调用例子
- httpclient调用Https,加载自签名证书
- HttpClient跨项目(服务端)调用方法例子
- apache httpclient HTTPS发送JSON调用接口实例
- java 通过httpclient调用https 的webapi
- JAVA HttpClient调用Https 跳过证书验证
- httpclient 无信任证书使用https
- Android httpClient 支持HTTPS
- HttpClient的简单封装,静态调用,自动识别网页字符集,伪装火狐/IE浏览器