1. 安装ant
2. 从tomcat官网下载tomcat源码,解压源码到本地文件夹。
3. 修改tomcat源码中名为build.properties.default的文件。重命名为build.properties;在源码解压目录中新建文件夹output,修改build.properties文件中base.path属性值为刚才新建的output目录,例如:tomcat源码解压目录为E盘中的tomcat目录,则base.path=E:\tomcat\output
4. 运行cmd进入tomcat源码目录,输入ant构建项目
提示:如果此处构建失败,则去https://www-us.apache.org/dist//commons/daemon/binaries/commons-daemon-1.1.0-bin.tar.gz地址下载文件,下载后,解压文件到output目录,然后再次构建目录
5. 在eclipse中新建java project项目(项目名自定义,此处为tomcat-8.0.5)
选中新建的java项目,右键=>import=>file system 导入tomcat源码目录下的java文件包,注意选中下面的create top-level folder
以同样的方式导入test文件夹。注意:此处test文件夹和java文件夹不支持同时导入
6. 选中刚才导入的java文件夹,右键=>build path=>use as sources folder
选中导入的test文件夹,右键=>build path=>use as sources folder
在tomcat源码中package不包括java目录,所以要把java设置为sources,不然会报package包名的错误,同理test也需要此操作
7. 下载需要的包
8. 新建类,在test=>util目录下新建CookieFilter.java文件文件内容如下
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package util;
import java.util.Locale;
import java.util.StringTokenizer;
/**
* Processes a cookie header and attempts to obfuscate any cookie values that
* represent session IDs from other web applications. Since session cookie names
* are configurable, as are session ID lengths, this filter is not expected to
* be 100% effective.
*
* It is required that the examples web application is removed in security
* conscious environments as documented in the Security How-To. This filter is
* intended to reduce the impact of failing to follow that advice. A failure by
* this filter to obfuscate a session ID or similar value is not a security
* vulnerability. In such instances the vulnerability is the failure to remove
* the examples web application.
*/
public class CookieFilter {
private static final String OBFUSCATED = "[obfuscated]";
private CookieFilter() {
// Hide default constructor
}
public static String filter(String cookieHeader, String sessionId) {
StringBuilder sb = new StringBuilder(cookieHeader.length());
// Cookie name value pairs are ';' separated.
// Session IDs don't use ; in the value so don't worry about quoted
// values that contain ;
StringTokenizer st = new StringTokenizer(cookieHeader, ";");
boolean first = true;
while (st.hasMoreTokens()) {
if (first) {
first = false;
} else {
sb.append(';');
}
sb.append(filterNameValuePair(st.nextToken(), sessionId));
}
return sb.toString();
}
private static String filterNameValuePair(String input, String sessionId) {
int i = input.indexOf('=');
if (i == -1) {
return input;
}
String name = input.substring(0, i);
String value = input.substring(i + 1, input.length());
return name + "=" + filter(name, value, sessionId);
}
public static String filter(String cookieName, String cookieValue, String sessionId) {
if (cookieName.toLowerCase(Locale.ENGLISH).contains("jsessionid") &&
(sessionId == null || !cookieValue.contains(sessionId))) {
cookieValue = OBFUSCATED;
}
return cookieValue;
}
}
经过以上8步,如果项目中还有错误,直接删除即可。我本地会报/tomcat-8.0.5/test/webapp/WEB-INF/classes/org/apache/tomcat/Bug58096.java此文件错误,直接删除即可
9, 在run configurations中配置启动信息
点击run
10. 在浏览器中输入localhost:8080测试是否启动成功