在Apache Tomcat中执行从http到https的301重定向
我已经在我的 Web 应用程序中配置了 SSL.我已经按照要求的步骤在我的 Tomcat 中安装了证书.
I have configured SSL in my web application. I have installed the certificate in my Tomcat as per the required steps.
我一直在关注的教程是https://www.mulesoft.com/tcat/tomcat-security
我强制使用 https over http,这意味着对 http 的任何请求都将转发到 https.我在 server.xml 中进行了以下更改
I have enforced the use of https over http which means that any request to http will be forwarded to https. I made the following changes in my server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443"
proxyHost="10.1.1.1" proxyPort="80"
URIEncoding="UTF-8"
maxHttpHeaderSize="32768"/>
- 查看更多信息:https://www.mulesoft.com/tcat/tomcat-security#sthash.6zIVA27x.dpuf
web.xml 的变化如下:
The web.xml changes are as follows:
<security-constraint>
<web-resource-collection>
<web-resource-name>SecureConnection</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
然而,正在发生的重定向是临时重定向,即 302.我想使用 301 重定向,即永久重定向.
However, the redirect that is taking place is temporary re-direct ie 302. I want to use 301 re-direct ie., permanent redirect.
我怎样才能做到这一点?
How can I achieve that?
这是在你的 Realm 上配置的.请参阅特定 Realm 实现的 transportGuaranteeRedirectStatus 属性.
This is configured on your Realm. See the transportGuaranteeRedirectStatus attribute of your particular Realm implementation.
https://tomcat.apache.org/tomcat-8.5-doc/config/realm.html
例如:server.xml 有这个开箱即用的
Ex: server.xml has this out-of-the-box
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
它没有设置transportGuaranteeRedirectStatus,所以它默认为302.如果你想让它使用301,只需在顶部添加属性transportGuaranteeRedirectStatus="301"级别 Realm(根据您的配置,您可能没有嵌套 Realm)并重新启动 Tomcat.
It does not set transportGuaranteeRedirectStatus so it defaults to 302. If you want to make it use a 301, just add the attribute transportGuaranteeRedirectStatus="301" to the top level Realm (you may not have nested Realms depending on your configuration) and restart Tomcat.
例如:
<Realm className="org.apache.catalina.realm.LockOutRealm" transportGuaranteeRedirectStatus="301">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" />
</Realm>
如果您的配置中没有定义 Realm 标签,Tomcat 将默认使用 NullRealm.如果您想在这种情况下覆盖重定向,您只需要在其下定义一个 NullRealm,并在其上设置 transportGuaranteeRedirectStatus 属性.
If you do not have a Realm tag defined in your configuration, Tomcat will default to using a NullRealm. If you want to override the redirect in this situation, you'd just need to define a NullRealm under with the transportGuaranteeRedirectStatus property set on it.
希望有帮助!