问题描述
我有一个正在运行的 tomcat 应用程序,它已经具有以下从 HTTP 到 HTTPs 的重定向规则:
I have a running tomcat application that already have the following redirection rule from HTTP to HTTPs:
<Connector executor="tomcatThreadPool"
port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
是否可以添加例外/规则,即特定的 HTTP 请求 (http://www.example.com),将被重定向到另一个特定地址,并指定一个端口(比如 https://www.example.com:8443/test),无需更改/删除上述连接器?
Is it possible to add an exception/rule, that a specific HTTPrequest (http://www.example.com), will be redirected to another specific address , with a port specified (say https://www.example.com:8443/test), without changing/removing the above Connector ?
推荐答案
您显示的连接器配置没有按照您设想的方式重定向特定 URL.
The connector configuration you shown does not redirect a specific URL in the way you suppose.
如果您为该 servlet 容器内的 Web 应用程序配置了 CONFIDENTIAL
传输保证,则该配置将起作用.
That configuration acts if you have configured a CONFIDENTIAL
transport guarantee for a web application inside that servlet container.
我的意思是,如果您在该连接器上部署了任何应用程序,其 web.xml
描述符的 security-constraint
如下所示:
I mean, if you have deployed any application on that connector, where its web.xml
descriptor has a security-constraint
as follows:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secured</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
...
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
然后,Tomcat 会将任何匹配的 url-pattern
重定向到配置的端口,以便使用 HTTPS 作为传输机密性的保证.
Then, Tomcat will redirect any matching url-pattern
to the configured port in order to use HTTPS as guarantor of confidentiality in transport.
因此,如果您想重定向特定的 URL,您必须使用特定的应用程序配置来补充连接器的配置.
So, if you want to redirect a specific URL, you have to complement connector's configuration with specific application configuration.
正如您在评论中所建议的,这可能是使此配置正常工作的另一个步骤.如图所示配置 http 连接器,然后按照我告诉您的那样配置应用程序后,您只需确保您的 Tomcat 服务器配置了 HTTPS 连接器,其他方式重定向将不起作用.
As you suggest in your comment, it could be another step to get this configuration working. Once you have configured http connector as shown, and then configured app as I told you, you only to ensure that your Tomcat server has an HTTPS connector configured, other way redirection won't work.
要配置此 HTTPS 连接器,您可以使用以下配置:
To configure this HTTPS connector, you can use a configuration as following:
<Connector connectionTimeout="20000"
acceptCount="100" scheme="https" secure="true"
port="443" clientAuth="false" sslProtocol="TLS"
keystoreFile="PATH_TO_KEY_STORE"
keystorePass="KEY_STORE_PASS"
keyAlias="KEY_STORE_ALIAS"/>
这是一个示例配置,其中我没有放置一些对您很重要的属性,例如线程属性、执行程序等.
This is a sample configuration where I didn't put some attributes that can be important for you as threads attrs, executors, and so on.
最重要的是您需要为 HTTPS 连接提供服务的 KeyStore 配置.这里你有准备java KeyStore的官方文档用于 Tomcat 以提供 HTTPS.
The most important thing is the KeyStore configuration that you need to serve HTTPS connections. Here you have the official documentation to prepare a java KeyStore for Tomcat to serve HTTPS.
这篇关于在 Tomcat 中将 HTTP 重定向到 HTTPS:PORT的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!