Tomcat的安全性约束配置是强制性的吗? [英] Is security-constraint configuration for Tomcat mandatory?

问题描述

为了在Tomcat下进行SSL配置测试，这是否必须?

In order to do an SSL Configuration testing under Tomcat, is this all mandatory?

下面这行摘录自网站:

为了进行此测试，请使用已在Tomcat中成功部署的任何应用程序，然后首先通过http和https访问它，以查看其是否正常运行.如果是，则打开该应用程序的web.xml并仅在web-app结束之前添加此XML片段，即</web-app>:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

此配置是否必须在web.xml文件中进行?

Is this configuration is mandatory to do inside a web.xml file ??

推荐答案

否，没有必要.这意味着您的Web应用程序仅可通过HTTPS使用(而不能通过HTTP).

No, it's not necessary. It means that your web application only available through HTTPS (and not available through HTTP).

如果省略<transport-guarantee>CONFIDENTIAL</transport-guarantee>标记(或整个<security-constraint>)，则可以通过HTTP和HTTPS使用您的应用程序.如果您的web.xml包含<transport-guarantee>CONFIDENTIAL</transport-guarantee>，如果您尝试使用HTTP，则Tomcat会自动将请求重定向到SSL端口.

If you omit the <transport-guarantee>CONFIDENTIAL</transport-guarantee> tag (or the whole <security-constraint>) your application will be available through both HTTP and HTTPS. If your web.xml contains <transport-guarantee>CONFIDENTIAL</transport-guarantee> Tomcat automatically redirects the requests to the SSL port if you try to use HTTP.

请注意，默认的Tomcat配置未启用SSL连接器，您必须手动启用它. 有关详细信息，请查看 SSL配置方法.

Please note that the default Tomcat configuration does not enable the SSL connector, you have to enable it manually. Check the SSL Configuration HOW-TO for the details.

这篇关于Tomcat的安全性约束配置是强制性的吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！