I. Packaging a JavaWeb application
In Java, the "jar" command is used to package a JavaWeb application into a WAR file. The jar command is used as follows:
Example: package the JavaWebDemoProject web application as a WAR file
After the command runs, you get a file. Once a JavaWeb application has been developed, it is usually packaged into a WAR file, and the WAR file is then placed in the Tomcat server's webapps directory. When the Tomcat server starts, any WAR file in the webapps directory is unpacked automatically.
For example, the file is now placed in the webapps directory of the Tomcat server.
After it starts, the Tomcat server automatically performs "Deploying web application" and extracts the WAR file.
II. The architecture of Tomcat
The Tomcat server starts up from a server.xml file. On startup Tomcat first starts a Server; the Server starts a Service; and the Service starts multiple Connectors, each of which waits for client connections. When a user accesses a web resource on the server with a browser, the browser first connects to a Connector. The Connector does not process the request itself; it hands the request to an Engine. On receiving the request, the Engine works out which host the user wants to access and passes the request to the corresponding Host. The Host then resolves which web application under that host the user wants to access; each web application corresponds to a Context.
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="conf/.keystore" keystorePass="123456" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
      <Host name="www.gacl.cn" appBase="F:\JavaWebApps">
        <Context path="" docBase="F:\JavaWebApps\JavaWebDemo1" />
      </Host>
    </Engine>
  </Service>
</Server>
III. How encryption works on the Internet
The Tomcat server starts multiple connectors, and these fall into encrypted connectors and non-encrypted connectors. For example:
This is the connector that uses port 8080.
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
This is a non-encrypted connector. When "http://localhost:8080/JavaWebDemoProject/Web/1.jsp" is used to request a web resource on the server, the request is not encrypted in transit. To access the Tomcat server over an encrypted connection, an encrypted connector must be configured in Tomcat. Before configuring one, it helps to understand how encryption works on the Internet.
3.1. Symmetric encryption
Symmetric encryption uses a single-key cryptosystem: the same key is used both to encrypt and to decrypt the information, which is why it is also called single-key encryption or key encryption. Both parties must use the same encryption method and the same key for encryption and decryption. Because it is fast, symmetric encryption is typically used when the sender needs to encrypt large amounts of data. A key is the instruction that controls the encryption and decryption process. The algorithm is the set of rules that specifies how to encrypt and decrypt. The security of the encryption therefore depends not only on the encryption algorithm itself but also on the security of key management.
Because encryption and decryption use the same key, how to pass the key safely to the party doing the decryption is a problem that must be solved. Commonly used symmetric encryption algorithms include DES, IDEA, RC2, RC4, SKIPJACK, RC5 and AES.
3.2. Asymmetric encryption
An asymmetric encryption algorithm requires two keys: a public key (PublicKey) and a private key (PrivateKey). The public key and the private key form a pair: data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key. Because encryption and decryption use two different keys, the algorithm is called asymmetric. The basic process for exchanging confidential information with an asymmetric algorithm is: party A generates a key pair and publishes one of the keys as its public key; party B, having obtained that public key, uses it to encrypt the confidential information and sends it to party A; party A then decrypts the encrypted information with the other key, the private key it has kept. Conversely, party A can use party B's public key to sign confidential information before sending it to party B, and party B then uses its own private key to verify the data.
How asymmetric encryption works:
1. A wants to send information to B. A and B each generate a pair of public and private keys for encryption and decryption.
2. A keeps its private key secret and tells B its public key; B keeps its private key secret and tells A its public key.
3. When A wants to send a message to B, A encrypts the message with B's public key, which A knows.
4. A sends the message to B (the message has already been encrypted with B's public key).
5. B receives the message and decrypts it with its own private key. Anyone else who receives the message cannot decrypt it, because only B has B's private key.
The sender encrypts the data with the receiver's public key and the receiver decrypts it with its own private key, so the information arrives at its destination safely and intact; even if a third party intercepts it, the third party cannot decrypt it without the corresponding private key. The encryption is guaranteed mathematically: only the private key can decrypt the data.
Asymmetric encryption on its own still does not solve the security of data in transit. Suppose A wants to send data to B. B first generates a key pair (public and private) and sends the public key to A; A can then use B's public key to encrypt data and send it to B. But while B's public key is on its way to A, it may well be intercepted by a third party, C.
The first problem: having intercepted B's public key, C can also use it to encrypt data and send that data to B. B receives the data and is confused, because it cannot tell whether the data came from A or from C.
The second problem: after intercepting B's public key, C can generate a key pair of its own (public and private) and send its own public key to A. A receives that public key, believes B sent it, and uses it to encrypt the data it sends to B. C intercepts the data on its way to B; because A encrypted it with the public key C supplied and C holds the matching private key, C can decrypt it. B, on receiving the data A sent, cannot decrypt it: the data is encrypted with C's public key and B does not have C's private key.
So asymmetric encryption leaves a problem open: when A wants to send data to B, how can A be sure that the public key really came from B? The only solution is a guarantee from a third party, a CA (Certificate Authority). When A wants to send data to B, B first sends its public key to the CA. The CA takes B's public key and goes to B's home to ask: "Is this the public key you sent?" B confirms: "Yes, I sent it!"
The CA then vouches for B's public key and issues B a digital certificate, which contains the CA's signature as its guarantee together with B's public key. B sends the digital certificate to A. A receives it, sees the CA's signature on it, and can be sure that the public key it now holds came from B. A can then confidently encrypt data with that public key and send it to B.
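An added example (not from the original article) that plays out the second problem and the CA fix in Python: without a CA, A encrypts to whatever public key arrives; with a CA, A first checks the CA's signature over B's name and public key. It uses textbook RSA without padding on constructed toy keys, so it shows the logic only; every function name is this example's own.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keygen(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def encrypt(msg, pub):
    n, e = pub
    return pow(int.from_bytes(msg, "big"), e, n)

def decrypt(ct, priv):
    n, d = priv
    m = pow(ct, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(name, pub, n_ca):
    # Hash of the identity and the key it is bound to, reduced into the CA modulus.
    data = f"{name}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n_ca

def issue_cert(name, pub, ca_priv):
    """The CA vouches for (name, public key) by signing their hash."""
    n, d = ca_priv
    return {"name": name, "pub": pub, "sig": pow(digest(name, pub, n), d, n)}

def verify_cert(cert, ca_pub):
    n, e = ca_pub
    return pow(cert["sig"], e, n) == digest(cert["name"], cert["pub"], n)

# Constructed toy keys built from Mersenne primes (far too small for real use).
B_PUB, B_PRIV = keygen(2**61 - 1, 2**89 - 1)
C_PUB, C_PRIV = keygen(2**89 - 1, 2**107 - 1)
CA_PUB, CA_PRIV = keygen(2**107 - 1, 2**127 - 1)

def send_without_ca(received_pub, msg):
    # A cannot tell whose key this is and simply encrypts to it.
    return encrypt(msg, received_pub)

def send_with_ca(cert, msg, expected_name="B"):
    # A encrypts only if the CA's signature covers this name and this key.
    if cert["name"] != expected_name or not verify_cert(cert, CA_PUB):
        return None
    return encrypt(msg, cert["pub"])
```
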
IV. HTTPS connector
With the principles of Internet encryption understood, consider how the browser and the server interact. The browser wants to encrypt data before sending it to the server; how does it do that? The server first presents a digital certificate to the browser. Once the browser has the certificate, it can use the public key inside it to encrypt data. So, for encrypted data transfer between browser and server, first generate a digital certificate for the server, then configure the server so that, when it receives a browser request, it presents its digital certificate to the browser.
4.1. Generate a digital certificate for the Tomcat server
Sun provides a tool for creating certificates, keytool, which is included in JDK 1.4 and later versions and is located at <JAVA_HOME>\bin\keytool.exe
keytool -genkey -alias tomcat -keyalg RSA
This uses keytool to generate a certificate with the alias tomcat, which is stored in the .keystore keystore.
After the command executes, a .keystore file is generated in the operating system's user folder.
Use the command keytool -list -keystore .keystore to view all certificates in the .keystore keystore.
4.2. Configure the HTTPS connector
Copy the generated .keystore keystore file to the conf directory of the Tomcat server.
Modify the server.xml file to configure the HTTPS connector with the following code:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/.keystore" keystorePass="123456" />
This configures an encrypted connector on port 8443 in server.xml. A browser that connects to the port 8443 connector accesses the web server in encrypted form: when the connector receives a browser request it presents a digital certificate to the browser, and the browser encrypts data with the public key in the certificate. keystoreFile="conf/.keystore" gives the path of the keystore file. The server needs a password to extract the certificate from the keystore; keystorePass="123456" gives the access password for the keystore.
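An added example (not from the original article): a Python check that reads a server.xml like the one above and reports non-encrypted connectors and a weak or missing keystorePass, which sits in cleartext in the file. The sample file, the finding names, the password deny-list and the 12-character minimum are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modeled on the three connectors in this article's server.xml.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="conf/.keystore" keystorePass="123456" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""

# Illustrative deny-list and length floor; both are assumptions of this example.
WEAK_PASSWORDS = {"123456", "password", "changeit", "tomcat"}
MIN_PASSWORD_LENGTH = 12

def is_tls(connector):
    return connector.get("SSLEnabled", "false").lower() == "true"

def audit_connectors(xml_text):
    """Return (port, finding) pairs for every <Connector> in a server.xml."""
    findings = []
    for service in ET.fromstring(xml_text).iter("Service"):
        connectors = list(service.iter("Connector"))
        tls_ports = {c.get("port") for c in connectors if is_tls(c)}
        for conn in connectors:
            port = conn.get("port")
            if not is_tls(conn):
                # Non-encrypted connector: traffic on this port is readable in transit.
                findings.append((port, "PLAINTEXT"))
                if conn.get("redirectPort") not in tls_ports:
                    findings.append((port, "REDIRECT_TARGET_NOT_TLS"))
                continue
            password = conn.get("keystorePass")
            if password is None:
                # Tomcat then falls back to its documented default, "changeit".
                findings.append((port, "DEFAULT_KEYSTORE_PASS"))
            elif password.lower() in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LENGTH:
                findings.append((port, "WEAK_KEYSTORE_PASS"))
            if conn.get("scheme") != "https" or conn.get("secure") != "true":
                findings.append((port, "TLS_WITHOUT_HTTPS_SCHEME"))
    return findings
```
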
Use "https://localhost:8443/" to access the 8443 encrypted connector.
Because the certificate in the keystore was generated by hand and has not been certified by a CA, accessing the 8443 encrypted connector with "https://localhost:8443/" makes the browser show "certificate error, navigation blocked". The browser considers the host being accessed unsafe and recommends not continuing, although it is still possible to continue.
4.3. Install the digital certificate
For the browser to trust the digital certificate we generated, the certificate must be installed in the browser. Using the IE8 browser as the example, the installation steps are as follows:
After the certificate is installed successfully, restart IE and use "https://localhost:8443/" to access the 8443 encrypted connector; the browser no longer reports a certificate error.
4.4. Delete the digital certificate
Taking IE8 as the example, the steps are: Tools -> Internet Options
Restart the browser after deleting the certificate.
Javaweb Learning Summary (1)-Tomcat server learning and using (3)