tomcat 结合spring security 配置SSL认证

小结一下tomcat搭配spring security做ssl，其实单tomcat就可以搞你的应用
ssl认证了，这里只不过顺道使用了spring secruity（如果你的应用是用了
spring security的话）。

1 首先是制作证书了，步骤比较传统，简单带过，不懂的请去google

keytool -genkey -alias MyKeyAlias -keyalg RSA -keystore /home/test.keystore

然后回答一大堆问题，最后生成自签证书

2 tomcat的conf目录中的sevrer.xml中，配置如下：

<Connector SSLEnabled='true' keystoreFile='/home/test.keystore' keystorePass='password' port='8443' scheme='https' secure='true' sslProtocol='TLS'/>

3 如果不使用spring security的话，需要这样在web.xml中配置

<security-constraint>
<web-resource-collection>
<web-resource-name>my-secure-app</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

如果使用spring security，则这样：

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml
/WEB-INF/spring/appServlet/application-security.xml
</param-value>
</context-param>

然后application-security.xml中：

<?xml version='1.0' encoding='UTF-8'?>
<beans:beans xmlns='http://www.springframework.org/schema/security'
xmlns:beans='http://www.springframework.org/schema/beans'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='http://www.springframework.org/schema/beans
 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd  http://www.springframework.org/schema/security  http://www.springframework.org/schema/security/spring-security-3.1.xsd'> 
<http auto-config='true' >
<intercept-url pattern='/**' requires-channel='https' />
</http>

<authentication-manager>
</authentication-manager>

</beans:beans>

这里用intercept-url，可以很方便配置，哪些连接要用https,哪些不用了