1、开启使用https协议
编辑tomcat目录下的conf/server.xml文件
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
scheme="https"secure="true"clientAuth="false" sslProtocol="TLS"
keystoreFile="keystore/SSL.jks" keystorePass="XXXX" />
keystoreFile:证书路径(相对与tomcat主目录,例如:conf/SSL.jks)
keystorePass:证书密码
2、强制使用https协议
在 tomcat主目录的 conf/web.xml 中的 </welcome- file-list>节点后面加上这
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>