开发的人脸识别功能,在本地localhost是可以访问,换成IP地址不能访问,通过不了浏览器的安全协议,
要把http协议,转成https协议,才能正常访问
方案有二种
1、在项目springboot的配置文件中加;
2、修改tomcat配置
方案一:入侵代码,不好
方案二:项目上线也是会部署到tomcat,这种配置比较好,不用修改代码;
具体配置:
1、在tomcat/conf/web.xml中添加
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
2、在tomcat/conf/server.xml中添加
tomcat8.5.36
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true"> <SSLHostConfig> <Certificate certificateKeystoreFile="conf/httptest.jks" certificateKeystorePassword="123456" type="RSA" /> </SSLHostConfig>
</Connector>
tomcat8.0.52
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="confhttptest.jks" keystorePass="123456"> </Connector>
3、httptest.jks证书文件是通过java 的keytools工具生成的。
在CMD命令行执行以下命令,
keytool -genkey -alias httptest -sigalg SHA256withRSA -keyalg RSA -keysize 2048 -keystore httptest.jks -dname "C=CN,ST=hubei,L=wuhan,O=httptest.com,OU=,CN=httptest.com" && keytool -certreq -alias httptest -file httptest.csr -keystore httptest.jks && echo Your certificate signing request file is httptest.csr. Your keystore file is httptest.jks. Thanks for using the 亚洲诚信TrustAsia keytool CSR helper.按
按提示输入密码,默认123456,好记
会在默认目录生成httptest.jks文件,拷贝到tomcat/conf目录下
4、启动tomcat
访问http://192.168.1.2:8080/webproject
浏览器第一次会跳出安全协议提示,点击后
自动跳转到https://192.168.1.2:8443/webproject