一,java使用 keytool工具创建证书
CMD窗口中运行 "keytool -genkey -alias "别名" -keyalg RSA -validity "有效时间" -keystore "生成证书路径"
二,配制tomcat支持ssl
在tomcat的config server.xml中打开 Connector结点
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" keystoreFile="yourPath/xx.keystore" keystorePass="yourPwd" clientAuth="false" sslProtocol="TLS" />
这里注意下,在tomcat6下
protocol="HTTP/1.1 " <!-- 改为 --> protocol="org.apache.coyote.http11.Http11Protocol"
否则起动会报错
三,工程中web.xml配制
上两部己实现了ssl的访问 https://localst (443为https默认端口所以不用加端口号)就己是ssl安全通道中,但是我们还是可以通过http://localhost:port 访问,这里要让它http时自动成https
在web.xml中加入下面内容
<security-constraint> <web-resource-collection> <web-resource-name>SSL</web-resource-name> <url-pattern>/xxx/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
在url-pattern中配制的是你要拦截的请求路径,比如只想对login模块强制转成https,则可配 /login/*
四,此时让tomcat支持https己全部配制完成,浏览器第一次访问时因为是自己制作的证书可以会有安全信任问题,要添加例外。想要httpclient发送https的请求,则还需如下的步骤
五,从浏览器中导出让才的证书(crt,pem后缀都可以)然后用keytool工具导入keystore,命令如下:
keytool -import -alias "localhost" -file xxx.crt -keystore ooo.keystore
xxx.crt : 刚从浏览器导出的证书
ooo.keystore :命令生成的keystore文件
六,java代码 (不得不说httpclient3和4版本在使用上差异还很大,用习惯了3总感觉4并不太顺手)
public static String sendSSLRequest(String requestUrl) { long responseLength = 0; // 响应长度 String responseContent = null; // 响应内容 HttpClient httpClient = new DefaultHttpClient(); // 创建默认的httpClient实例 KeyStore trustStore = null; InputStream fis = null; HttpGet httpGet = null; HttpResponse response = null; try { trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); fis = HttpsBaseAction.class.getClassLoader().getResourceAsStream( "my.keystore"); trustStore.load(fis, "pwd".toCharArray()); // 加载KeyStore SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore); // 创建Socket工厂,将trustStore注入 Scheme sch = new Scheme("https", 443, socketFactory); // 创建Scheme httpClient.getConnectionManager().getSchemeRegistry().register(sch); // 注册Scheme httpGet = new HttpGet(requestUrl); // 创建HttpGet Header headers[] = { new BasicHeader("myheader", "value") }; httpGet.setHeaders(headers); // 设置头信息 // 设置请求参数,get好像只能在url那里用?xx=xx传参(暂时没找到到别的可传参方法) // 如用post传参如下 List<NameValuePair> formparams = new ArrayList<NameValuePair>(); formparams.add(new BasicNameValuePair("prameName", "value")); UrlEncodedFormEntity uefEntity; uefEntity = new UrlEncodedFormEntity(formparams, HTTP.UTF_8); HttpPost post = new HttpPost(requestUrl); post.setEntity(uefEntity); post.setHeader("myheader", "value"); // response = httpClient.execute(post); // 执行POST请求 response = httpClient.execute(httpGet); // 执行GET请求 HttpEntity entity = response.getEntity(); // 获取响应实体 if (null != entity) { responseLength = entity.getContentLength(); responseContent = EntityUtils.toString(entity, "UTF-8"); EntityUtils.consume(entity); // Consume response content } System.out.println("请求地址: " + httpGet.getURI()); System.out.println("响应状态: " + response.getStatusLine()); System.out.println("响应长度: " + responseLength); System.out.println("响应内容: " + responseContent); } catch (Exception e) { e.printStackTrace(); } finally { try { fis.close(); } finally { httpClient.getConnectionManager().shutdown(); // 关闭连接,释放资源 return responseContent; } } }