
Configuring HTTPS and SSL in Tomcat and Forcing HTTP Requests to HTTPS

2013-09-27 00:00
1. Generate the keystore file

keytool -v -genkey -alias tomcat -keyalg RSA -keystore d:/tomcat.keystore
2. Uncomment the SSL Connector in tomcat/conf/server.xml and specify the keystore location and password
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="D:/tomcat7/conf/keystore/tomcat.keystore"
           keystorePass="123456"/>

3. Force all HTTP requests to HTTPS

Add the following at the end of the web.xml of the corresponding application project:
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>OPENSSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Addendum:

Disable unsafe HTTP methods:

Add the following node at the end of tomcat/conf/web.xml:
<!-- Disable unsafe HTTP methods -->
<security-constraint>
    <web-resource-collection>
        <url-pattern>/*</url-pattern>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
        <http-method>HEAD</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint></auth-constraint>
</security-constraint>