springboot2.x配置https
2021-11-15 本文已影响0人
brightranger
SpringBoot2.x配置HTTPS访问,总体上可以分为两大步:
一.生成SSL证书
二.配置HTTPS访问
生成SSL证书
取得SSL证书的方法有:(1)阿里云购买免费的ssl证书 (2)用命令生成ssl证书
因为在阿里云购买后需要填写域名,所以这里选择第(2)种方式:用命令生成ssl证书
- 新建一个证书目录,例如D:\sslca,打开cmd命令窗口,切换到D:\sslca
生成服务端证书
keytool -genkey -alias tomat -keypass 12345678 -keyalg RSA -keysize 2048 -validity 365 -keystore ./tomcat.keystore -storepass 12345678
生成证书.png
- 生成客户端证书
生成客户端证书
keytool -genkey -alias client -keypass 12345678 -keyalg RSA -keysize 2048 -validity 365 -storetype PKCS12 -keystore ./client.p12 -storepass 12345678
客户端证书.png
配置HTTPS访问
-
打开已有的SpringBoot工程
-
将证书文件:client.p12复制到resources目录下
1636947255(1).png
-
修改application.yml
server:
port: 8443 (https端口)
ssl:
key-alias: client
key-store-password: 12345678
key-store-type: PKCS12
key-store: D:\personal_workspace\https-demo\src\main\resources\client.p12
- 修改启动类
package com.example.demo;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
@SpringBootApplication
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
@Bean
public TomcatServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
super.postProcessContext(context);
}
};
tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
return tomcat;
}
private Connector initiateHttpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(8080);
connector.setSecure(false);
connector.setRedirectPort(8443);
return connector;
}
}
- 启动Springboot项目
- 浏览器访问 https://localhost:8443/hello/world?name=234234234
1636947453(1).png
配置既能支持https又能支持http的方式如下
- 修改application.yml,添加http port配置
server:
port: 8443
http:
port: 8080
ssl:
key-alias: client
key-store-password: 12345678
key-store-type: PKCS12
key-store: D:\personal_workspace\https-demo\src\main\resources\client.p12
- 还原启动类(WebsitebackApplication.java):删除或注释掉servletContainer和initiateHttpConnector方法
- 添加配置类TomcatConfig.java
package com.example.demo.config;
import org.apache.catalina.connector.Connector;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Configuration;
@Configuration
public class TomcatConfig {
@Value("${server.http.port}")
private int httpPort;
public ServletWebServerFactory servletWebServerFactory() {
TomcatServletWebServerFactory tomcatServletWebServerFactory = new TomcatServletWebServerFactory();
tomcatServletWebServerFactory.addAdditionalTomcatConnectors(createStandardConnector());
return tomcatServletWebServerFactory;
}
private Connector createStandardConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setPort(httpPort);
return connector;
}
}
ok
