Tomcat SSL redirect loop

Time: 2016-11-25 22:14:46

Tags: java tomcat ssl

My application uses SSL in Tomcat and works fine when using port 8080: when I visit http://localhost:8080 it redirects to https://localhost:8443

But when I use a non-8080 port (8081, 8082, etc.) and visit http://localhost:8081 (or http://localhost:8082, etc.), it goes into an infinite redirect loop to http://localhost:8081 (or http://localhost:8082, etc.)

Here is my server.xml with 8080

<?xml version='1.0' encoding='utf-8'?>

<Server port="8005" shutdown="SHUTDOWN">

  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>


  <Service name="Catalina">

    <Connector port="8080" protocol="HTTP/1.1" 
               connectionTimeout="20000" 
               redirectPort="8443" />


    <Connector SSLEnabled="true" clientAuth="false" keyAlias="key"
               keystoreFile="webapps/ROOT/META-INF/my.keystore" keystorePass="pass"
               maxThreads="150" port="8443" protocol="HTTP/1.1"
               scheme="https" secure="true" sslProtocol="TLS"/>


    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />


    <Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>

      <!-- Define the default virtual host
           Note: XML Schema validation will not work with Xerces 2.2.
       -->
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">


      </Host>
    </Engine>
  </Service>
</Server>

Here is my server.xml with 8081

<?xml version='1.0' encoding='utf-8'?>

<Server port="8005" shutdown="SHUTDOWN">

  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>


  <Service name="Catalina">

    <Connector port="8081" protocol="HTTP/1.1" 
               connectionTimeout="20000" 
               redirectPort="8443" />


    <Connector SSLEnabled="true" clientAuth="false" keyAlias="key"
               keystoreFile="webapps/ROOT/META-INF/my.keystore" keystorePass="pass"
               maxThreads="150" port="8443" protocol="HTTP/1.1"
               scheme="https" secure="true" sslProtocol="TLS"/>


    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />


    <Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>

      <!-- Define the default virtual host
           Note: XML Schema validation will not work with Xerces 2.2.
       -->
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">


      </Host>
    </Engine>
  </Service>
</Server>

Can anyone help me?

I am using Tomcat 6

1 answer:

Answer 0 (score: 1)

Another thing to try is to force HTTPS for all apps in the default web.xml (it should be in the tomcat/conf folder next to server.xml), by adding the following:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Note: the following applies to Tomcat instances with APR enabled (i.e. most Linux-based installations), but since the OP is running a Windows-based Tomcat where the APR connector is disabled (or not available), it does not apply to him.

Not sure why you get the redirect loop, but one obvious problem with the configuration is that you have enabled the APR (native) SSL connector, which does not really work with "keystoreFile", so you should be getting an error message like this in the logs:

java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR

regardless of which port number you use, and SSL would not work for you at all.

The simplest fix is to disable the APR listener:

<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->

which makes Tomcat use the JSSE connector implementation instead.
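The two checks the answer describes (an APR listener with SSLEngine="on" paired with a JSSE-style keystoreFile connector, and an HTTP connector whose redirectPort has no SSLEnabled connector behind it) can be automated as a small lint over server.xml. This is an added example, not code from the question or the answer; the embedded server.xml is a constructed, trimmed copy of the question's 8081 configuration.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed-down server.xml modelled on the question's 8081 config:
# APR listener with SSLEngine="on" plus a keystoreFile (JSSE-style) SSL connector.
SERVER_XML = """<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8081" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector SSLEnabled="true" keystoreFile="webapps/ROOT/META-INF/my.keystore"
               keystorePass="pass" port="8443" protocol="HTTP/1.1"
               scheme="https" secure="true" sslProtocol="TLS"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""


def lint_server_xml(xml_text):
    """Return a list of findings about the SSL / redirectPort wiring in a server.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    # APR native SSL is active when the APR listener is present with SSLEngine="on".
    apr_ssl = any(
        lst.get("className", "").endswith("AprLifecycleListener")
        and lst.get("SSLEngine", "off").lower() == "on"
        for lst in root.iter("Listener")
    )
    connectors = list(root.iter("Connector"))
    ssl_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    for c in connectors:
        port = c.get("port")
        if c.get("SSLEnabled", "false").lower() == "true":
            # Under APR the connector needs SSLCertificateFile; keystoreFile is JSSE-only.
            if apr_ssl and "keystoreFile" in c.attrib and "SSLCertificateFile" not in c.attrib:
                findings.append(f"port {port}: APR SSLEngine=on but connector uses "
                                "keystoreFile without SSLCertificateFile (SSL will not start)")
            continue
        # Plain connectors: a CONFIDENTIAL constraint can only redirect to a working SSL port.
        redirect = c.get("redirectPort")
        if redirect is None:
            findings.append(f"port {port}: no redirectPort, CONFIDENTIAL constraints cannot redirect")
        elif redirect not in ssl_ports:
            findings.append(f"port {port}: redirectPort {redirect} has no SSLEnabled connector")
    return findings


if __name__ == "__main__":
    for finding in lint_server_xml(SERVER_XML):
        print(finding)
```

Run it against the real conf/server.xml by passing the file contents to lint_server_xml; removing SSLEngine="on" (the fix the answer suggests) clears the finding on the constructed input.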