Use HTTPS only for certain pages in servlet based webapp


Problem description

I have a servlet-based webapp running on a Tomcat 6 server. The URL scheme is HTTPS. The entire site is currently being served on HTTPS. But what I would really like to do is set up HTTPS only for certain operations like purchase and login. Is there any configuration in Tomcat that can help me do this easily?

Are there any code changes required to persist session across HTTPS and HTTP?

Recommended answer

Really, ideally, this is configured in your web app's web.xml file. You simply specify certain URLs that should be secure as <security-constraint><web-resource-collection> and specify the HTTPS requirement as <transport-guarantee> with a value of CONFIDENTIAL. The container will manage redirects transparently. Simple.

<security-constraint>
  <web-resource-collection>
     <web-resource-name>My Secure Stuff</web-resource-name>
     <url-pattern>/some/secure/stuff/*</url-pattern>
     <url-pattern>/other/secure/stuff/*</url-pattern>
     <!-- ... further url-pattern elements ... -->
  </web-resource-collection>
  <user-data-constraint>
     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
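
An added check, not part of the original answer: a Python script that reads a web.xml and reports whether a context-relative path is covered by a constraint that demands a protected transport, so you can confirm that login and purchase are covered before relying on the container's redirect. The sample descriptor and the function names are constructed for illustration; http-method elements are ignored, and any transport-guarantee other than NONE is treated as requiring HTTPS.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor: only login and purchase are marked CONFIDENTIAL.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Login and purchase</web-resource-name>
      <url-pattern>/login</url-pattern>
      <url-pattern>/purchase/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):  # strip the XML namespace that real web.xml files declare
    return tag.rsplit("}", 1)[-1]

def load_constraints(xml_text):
    """Return [(url_pattern, needs_tls)] for every security-constraint."""
    out = []
    for sc in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "security-constraint"):
        tg = [e.text.strip() for e in sc.iter() if local(e.tag) == "transport-guarantee" and e.text]
        needs_tls = bool(tg) and tg[0] != "NONE"
        out += [(e.text.strip(), needs_tls) for e in sc.iter() if local(e.tag) == "url-pattern" and e.text]
    return out

def rank(pattern, path):
    """Specificity of a match (higher wins); None if the pattern does not match."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)
    if pattern == "/":
        return (0, 0)
    return None

def requires_https(xml_text, path):
    """True if the best-matching url-pattern only accepts a protected transport."""
    matches = [(r, tls) for p, tls in load_constraints(xml_text) if (r := rank(p, path)) is not None]
    if not matches:
        return False  # no constraint applies: plain HTTP is accepted
    best = max(r for r, _ in matches)
    # Constraints on the same pattern combine as a union of accepted transports.
    return all(tls for r, tls in matches if r == best)
```

Run it against the deployed descriptor with each path that handles credentials or payment data; a False result means that path is still reachable over plain HTTP.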
