jboss中如何配置https

如果一个jboss应用发https命令到其他应用，下文中称其为https 客户端

如果jboss应用接受https request,称其为https服务端

对于https客户端， 需要将服务端的证书导入到一个keystore中，放在一个指定的位置，在生成keystore时需要指定其密码，

可以称其为trust keystore文件，表明客户端信任这个keystore

发送https请求

使用package org.apache.http.client;中的接口类

sendhttpsRequest(InputStreamEntity body ,String url)

org.apache.http.client.HttpClient client = null;

try {

client = getDefaultHttpClient();

HttpPut method = new HttpPut(url);

method.addHeader("Content-Type", "multipart/mixed; boundary=\"frontier\"");

method.setEntity(body);

int resp = client.execute(method).getStatusLine().getStatusCode();

}

getDefaultHttpClient(){

HttpParams params = new BasicHttpParams();

SchemeRegistry schemeR = new SchemeRegistry();

SSLSocketFactory sslFactory = getSslFactory();

schemeR.register(new Scheme(HTTPS, sslFactory, 8443));

ThreadSafeClientConnManager cm = new ThreadSafeClientConnManager(params, schemeR);

DefaultHttpClient client = new DefaultHttpClient(cm, params);

return client;

}

getSslFactory(){

//path表示trust store文件的位置，ksPass表明keystore的密码

FileInputStream keyStoreIn = new FileInputStream(new File(path));

KeyStore tmpKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());

tmpKeyStore.load(keyStoreIn, ksPass.toCharArray());

SSLSocketFactory sslFactory = new SSLSocketFactory(null,ksPass, tmpKeyStore);

return sslFactory ;

}

如果是作为服务端，需要在服务端生成key文件和csr文件，然后使用csr文件去CA签名获得证书

需要将key文件和证书文件导入到一个keystore文件中，并且指定alias

假设keystore 文件为/var/tmp/sample.keystore，密码是12345678，导入key和证书到keystore中指定的alias为samplehttps

在standalone.xml中需要做配置

<connector enabled="true" name="https" protocol="HTTP/1.1" scheme="https" secure="true" socket-binding="https">

<ssl certificate-key-file="/var/tmp/sample.keystore" key-alias="samplehttps" name="ssl" password="12345678" protocol="all" session-timeout="1800" verify-client="false"/>

</connector>