我有以下代码来启动我的软件:
public static void main(String[] args) throws Exception {
// set system property for exit on failure
System.setProperty("org.apache.catalina.startup.EXIT_ON_INIT_FAILURE", "true");
// create tomcat
Tomcat tomcat = new Tomcat();
// create connector, configure and add to tomcat
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setMaxPostSize(-1);
connector.setPort(8080);
connector.setURIEncoding("UTF-8");
((Http11NioProtocol)connector.getProtocolHandler()).setConnectionUploadTimeout(36000000);
((Http11NioProtocol)connector.getProtocolHandler()).setDisableUploadTimeout(false);
((Http11NioProtocol)connector.getProtocolHandler()).setConnectionTimeout(3600000);
((Http11NioProtocol)connector.getProtocolHandler()).setCompression("on");
((Http11NioProtocol)connector.getProtocolHandler()).setCompressibleMimeType("text/html,text/xml,text/plain,application/javascript");
tomcat.setConnector(connector);
// add web app with jsps and servlets
StandardContext standardContext = (StandardContext)tomcat.addWebapp("", new File(".").getAbsolutePath()+"/src/webroot");
standardContext.getJarScanner().setJarScanFilter(new JarScanFilter() { @Override public boolean check(JarScanType jarScanType, String s) {
if(s != null){
if(s.startsWith("mchange-commons-java")){
return false;
}
}
return true;
}});
standardContext.setParentClassLoader(Run.class.getClassLoader());
WebResourceRoot webResourceRoot = new StandardRoot(standardContext);
File additionWebInfClassesFolder = new File(new File(".").getAbsolutePath(), "target/classes");
WebResourceSet webResourceSet = new DirResourceSet(webResourceRoot, "/WEB-INF/classes", additionWebInfClassesFolder.getAbsolutePath(), "/");
webResourceRoot.addPreResources(webResourceSet);
standardContext.setResources(webResourceRoot);
// start tomcat
tomcat.start();
// stay in this method as long as tomcat is running
tomcat.getServer().await();
}
现在我有了我的证书文件(私钥、证书),我想向这个 Tomcat 服务器添加 SSL 功能。我知道这可能不是最佳实践,但我正在寻找一种非常简单的方法来做到这一点。我知道我可以创建一个 keystore 文件并将属性添加到连接器,但我基本上想要的是有一个包含我的证书内容的字符串并应用它。
最佳答案
我的解决方案最终看起来很像我最终在这里偶然发现的代码,以帮助我解决问题:https://github.com/OryxProject/oryx/blob/master/framework/oryx-lambda-serving/src/main/java/com/cloudera/oryx/lambda/serving/ServingLayer.java#L202
注意:我相信我使用的是 Tomcat 10。
private Connector createSslConnector(){
Connector httpsConnector = new Connector();
httpsConnector.setPort(443);
httpsConnector.setSecure(true);
httpsConnector.setScheme("https");
httpsConnector.setAttribute("SSLEnabled", "true");
SSLHostConfig sslConfig = new SSLHostConfig();
SSLHostConfigCertificate certConfig = new SSLHostConfigCertificate(sslConfig, SSLHostConfigCertificate.Type.RSA);
certConfig.setCertificateKeystoreFile("/root/.keystore");
certConfig.setCertificateKeystorePassword("changeit");
certConfig.setCertificateKeyAlias("mykeyalias");
sslConfig.addCertificate(certConfig);
httpsConnector.addSslHostConfig(sslConfig);
return httpsConnector;
}
关于java - 在 Embedded Apache Tomcat 9 中启用 SSL 并以编程方式添加证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56681156/