相关推荐:java - Nginx + tomcat + spring security client cert authentication

not per location. So i have a setup, when i need client certificate authentication, tomcat makes a post call to a subdomain which is run by nginx, this adds client certifiate to the request and forwards it to tomcat for

小结一下tomcat搭配spring security做ssl,其实单tomcat就可以搞你的应用
ssl认证了,这里只不过顺道使用了spring secruity(如果你的应用是用了
spring security的话)。


1 首先是制作证书了,步骤比较传统,简单带过,

不懂的请去google

   keytool -genkey -alias MyKeyAlias -keyalg RSA -keystore /home/test.keystore

然后回答一大堆问题,最后生成自签证书

2 tomcat的conf目录中的sevrer.xml中,配置如下:

<Connector SSLEnabled='true' keystoreFile='/home/test.keystore' keystorePass='password' port='8443' scheme='https' secure='true' sslProtocol='TLS'/>


3 如果不使用spring security的话,需要这样在web.xml中配置

<security-constraint>
    <web-resource-collection>
        <web-resource-name>my-secure-app</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>


  如果使用spring security,则这样:
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>/WEB-INF/spring/root-context.xml
           /WEB-INF/spring/appServlet/application-security.xml           
          </param-value>
</context-param>
然后application-security.xml中:
<?xml version='1.0' encoding='UTF-8'?>
<beans:beans xmlns='http://www.springframework.org/schema/security'
  xmlns:beans='http://www.springframework.org/schema/beans'
  xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
  xsi:schemaLocation='http://www.springframework.org/schema/beans

http://www.springframework.org/schema/beans/spring-beans-3.0.xsd


http://www.springframework.org/schema/security


http://www.springframework.org/schema/security/spring-security-3.1.xsd'>

       <http auto-config='true' >
          <intercept-url pattern='/**' requires-channel='https' />    
       </http>

       <authentication-manager>
       </authentication-manager>

</beans:beans>
这里用intercept-url,可以很方便配置,哪些连接要用https,哪些不用了。  

相关推荐:spring security - Session is not replicated after restart in tomcat 7

y(version 3.1) app. I already set <distributable /> tag in web.xml and enabled session replication in server.xml for all nodes.My apache configuration: <Proxy balancer://myapp> BalancerMember ajp://127.0.0.1:8009

快照源:http://my.oschina.net/u/658145/blog/96660