jboss7-WildFly的https配置

1、HTTPS
https是在http的基础上增加了一层加密,常用的加密算法是RSA,非对称密钥加密,原理基于大数的因式分解,需要公钥和私钥,公钥对外,私钥保密,用公钥加密,私钥用来解密。
我测试环境我们用JDK自带的工具生成,具体操作如下:
1、为服务器生成证书:
keytool -genkey -v -alias wildfly -keyalg RSA -keystore C:\wildfly.keystore -validity 36500
password : ondfge23
您的名字与姓氏是什么?
113.240.224.231
 
2、为客户端生成证书:
keytool -genkey -v -alias mykey -keyalg RSA -storetype PKCS12 -keystore C:\mykey.p12
password : onassd234
您的名字与姓氏是什么?
113.240.224.231
 

3、让服务器信任客户端证书:
导出客户端证书
keytool -export -alias mykey -keystore C:\mykey.p12 -storetype PKCS12 -storepass onassd234 -rfc -file C:\mykey.cer
导入到服务器端密钥库,密码ondfge23
keytool -import -v -file C:\mykey.cer -keystore C:\wildfly.keystore
查看密钥库密钥
keytool -list -keystore C:\wildfly.keystore

4、让客户端信任服务器证书:

keytool -keystore C:\wildfly.keystore -export -alias wildfly -file C:\wildfly.cer

生成的证书如下:
 
2、配置standalone.xml
首先指定生成的证书,配置权限级别为后台ManagementRealm,也可设置为应用级别ApplicationRealm,本文以后台为例
 
 <security-realms>
            <security-realm name="ManagementRealm">
                <server-identities>
                    <ssl protocol="TLSv1">
                        <keystore path="C:\wildfly.keystore" keystore-password="ondfge23" />
                    </ssl>
                </server-identities>
                <authentication>
                    <local default-user="$local" skip-group-loading="true"/>
                    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
                <authorization map-groups-to-roles="false">
                    <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>
            <security-realm name="ApplicationRealm">
                <authentication>
                    <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
                <authorization>
                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>
        </security-realms>




配置监听端口,指定绑定名为https,其他类同:

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
        <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
        <socket-binding name="http" port="${jboss.http.port:8090}"/>
        <socket-binding name="https" port="${jboss.https.port:8443}"/>
        <socket-binding name="txn-recovery-environment" port="4712"/>
        <socket-binding name="txn-status-manager" port="4713"/>
        <outbound-socket-binding name="mail-smtp">
            <remote-destination host="localhost" port="25"/>
        </outbound-socket-binding>
    </socket-binding-group>



 

使监听HTTPS配置生效,使用名为https的绑定,安全级别为ManagementRealm:

<subsystem xmlns="urn:jboss:domain:undertow:3.0">
            <buffer-cache name="default"/>
            <server name="default-server">
                <http-listener name="default" socket-binding="http"/>
		<https-listener name="nice" socket-binding="https" security-realm="ManagementRealm"/>
                <host name="default-host" alias="localhost">
                    <location name="/" handler="welcome-content"/>
                    <filter-ref name="server-header"/>
                    <filter-ref name="x-powered-by-header"/>
                </host>
            </server>
            <servlet-container name="default">
                <jsp-config/>
                <websockets/>
            </servlet-container>
            <handlers>
                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
            </handlers>
            <filters>
                <response-header name="server-header" header-value="WildFly/10" header-name="Server"/>
                <response-header name="x-powered-by-header" header-value="Undertow/1" header-name="X-Powered-By"/>
            </filters>
        </subsystem>



 
生效操作也可以在后台图形界面下操作
 
3、验证:
启动服务
 
在浏览器中输入https://127.0.0.1:9443
 
输入框中出现了一把锁,至此配置完成。
图解WildFly 8.X配置HTTPS


你可能感兴趣的:(jboss7-WildFly的https配置)