Setting SSL (Secure Socket Layer) in Tomcat is often a requirement, especially
while developing secure web application,
which requires access over https protocol. Since Tomcat web server doesn't
provide SSL settings by default, you need to know how to configure SSL in
tomcat, and even worse it varies between different tomcat versions. for Example
SSL setup which works on tomcat 6, doesn't work as it is in tomcat 7. In this
article we will see, how to configure tomcat for https in both tomcat 6 and 7. For
those programmers who are not very familiar with SSL and https here is a quick overview of SSL, certificates and
https, and I suggest reading that article to get better
understanding of How SSL works and How websites are accessed security over
internet.
Once we know ,what is SSL, https and Certificates we are ready to setup
SSL and https in tomcat web server. As I explained you need to have some
certificate (inside keystore) in tomcat/conf folder which tomcat will present,
when a connection is made via https. If you use Spring security you can use
some of test certificates present in there sample applications otherwise you
need to generate by yourselves. You can request certificates from your windows
support team or by using tools like IBM IkeyMan and keytool command to put them
into truststore and keystore.
Once you have certificate ready, Open your server.xml from tomcat/conf folder and
search for Connector which defines https, it may be
commented ,better look for this string "Define a SSL
HTTP/1.1 Connector on port 8443". Once found replace with
following setup which is different for tomcat 6 and tomcat 7
SSL
Configuration for Tomcat 6 :
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="${catalina.home}/conf/server.jks"
keystoreType="JKS" keystorePass="changeit" />
You also need to make one more configuration change for setting up SSLEngine="off" from "on" like in
below text:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
Look for this String on top of Server.xml
SSL Configuration for Tomcat 7
SSL Setup in Tomcat7 is relatively easy as compared to Tomcat7, as you
only need to make one configuration change for replacing SSL Connector with
following settings :
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="${catalina.home}/conf/server.jks"
keystoreType="JKS" keystorePass="changeit" />
Settings which may vary if you setup your own certificate is keystorFile which
points to a keystore, which stores
certificates, keyStoreType I am using "jks",
which stands for “Java Key Store” and keystorepass, which is
password for opening key store file. That's it now your tomcat 6 or tomcat 7 is
ready to server https client. Though you may
need to configure https for your web application ,if you not done
already.
How to configure Java web application for
https
If you want your J2EE web application to be accessed over SSL using https
protocol, you can include following settings in application's web.xml :
<security-constraint>
<web-resource-collection>
<web-resource-name>HelloSSLweb-resource-name>
<url-pattern>/*url-pattern>
web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIALtransport-guarantee>
user-data-constraint>
security-constraint>
This Security setting will enable HTTPS for all URL directed your
application. you can also selective enable https settings for some URL by
tweaking URL pattern. Since SSL requires encryption and decryption it
can increase response time and if you not serving sensitive information than
you only have SSL enable for login or any particular URL which requires
sensitive data.
Source:http://javarevisited.blogspot.com/2013/07/how-to-configure-https-ssl-in-tomcat-6-7-web-server-java.html
Tidak ada komentar:
Posting Komentar