转载地址:http://blog.csdn.net/RO_wsy/article/details/51319963
Spring Boot中启动HTTPS
如果你使用spring Boot,并且想在内嵌tomcat中添加HTTPS,需要如下步骤
- 要有一个证书,买的或者自己生成的
- 在Spring Boot中启动HTTPS
- 将HTTP重定向到HTTPS(可选)
获取SSL证书
有两种方式
- 自己通过keytool生成
- 通过证书授权机构购买
这里作为演示,采用keytool生成
输入下面的命令,根据提示输入信息
<code class="hljs applescript has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;">keytool -genkey -<span class="hljs-type" style="box-sizing: border-box;">alias</span> tomcat -storetype PKCS12 -keyalg RSA -keysize <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">2048</span> -keystore keystore.p12 -validity <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">3650</span> Enter keystore password: Re-enter new password: What <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">is</span> your <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">first</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">and</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">last</span> <span class="hljs-property" style="box-sizing: border-box;">name</span>? [Unknown]: What <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">is</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">the</span> <span class="hljs-property" style="box-sizing: border-box;">name</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">of</span> your organizational unit? [Unknown]: What <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">is</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">the</span> <span class="hljs-property" style="box-sizing: border-box;">name</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">of</span> your organization? [Unknown]: What <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">is</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">the</span> <span class="hljs-property" style="box-sizing: border-box;">name</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">of</span> your City <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">or</span> Locality? [Unknown]: What <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">is</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">the</span> <span class="hljs-property" style="box-sizing: border-box;">name</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">of</span> your State <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">or</span> Province? [Unknown]: What <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">is</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">the</span> two-letter country code <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">for</span> this unit? [Unknown]: Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? [no]: yes</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; opacity: 0.0393075; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li></ul><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li></ul>
会生成一个PKCS12格式的叫做keystore.p12的证书,之后启动Spring Boot时会引用这个证书
Spring Boot 中开启HTTPS
默认情况下Spring Boot内嵌的Tomcat服务器会在8080端口启动HTTP服务,Spring Boot允许在application.properties中配置HTTP或HTTPS,但是不可同时配置,如果两个都启动,至少有一个要以编程的方式配置,Spring Boot官方文档建议在application.properties中配置HTTPS,因为HTTPS比HTTP更复杂一些,可以参考spring-boot-sample-tomcat-multi-connectors的实例
在application.properties中配置HTTPS
<code class="hljs http has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;"><span class="hljs-attribute" style="box-sizing: border-box;">server.port</span>: <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">8443</span> <span class="hljs-attribute" style="box-sizing: border-box;">server.ssl.key-store</span>: <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">classpath:keystore.p12</span> <span class="hljs-attribute" style="box-sizing: border-box;">server.ssl.key-store-password</span>: <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">mypassword</span> <span class="hljs-attribute" style="box-sizing: border-box;">server.ssl.keyStoreType</span>: <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">PKCS12</span> <span class="hljs-attribute" style="box-sizing: border-box;">server.ssl.keyAlias</span>: <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">tomcat</span></code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; opacity: 0.0393075; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li></ul><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li></ul>
这就够了
将HTTP请求重定向到HTTPS(可选)
让我们的应用支持HTTP是个好想法,但是需要重定向到HTTPS,上面说了不能同时在application.properties中同时配置两个connector,所以要以编程的方式配置HTTP connector,然后重定向到HTTPS connector
这需要在配置类中配置一个TomcatEmbeddedServletContainerFactory bean,代码如下
<code class="language-java hljs has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;"> <span class="hljs-annotation" style="color: rgb(155, 133, 157); box-sizing: border-box;">@Bean</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">public</span> EmbeddedServletContainerFactory <span class="hljs-title" style="box-sizing: border-box;">servletContainer</span>() { TomcatEmbeddedServletContainerFactory tomcat = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> TomcatEmbeddedServletContainerFactory() { <span class="hljs-annotation" style="color: rgb(155, 133, 157); box-sizing: border-box;">@Override</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">protected</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">void</span> <span class="hljs-title" style="box-sizing: border-box;">postProcessContext</span>(Context context) { SecurityConstraint securityConstraint = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> SecurityConstraint(); securityConstraint.setUserConstraint(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"CONFIDENTIAL"</span>); SecurityCollection collection = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> SecurityCollection(); collection.addPattern(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"/*"</span>); securityConstraint.addCollection(collection); context.addConstraint(securityConstraint); } }; tomcat.addAdditionalTomcatConnectors(initiateHttpConnector()); <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">return</span> tomcat; } <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">private</span> Connector <span class="hljs-title" style="box-sizing: border-box;">initiateHttpConnector</span>() { Connector connector = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> Connector(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"org.apache.coyote.http11.Http11NioProtocol"</span>); connector.setScheme(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"http"</span>); connector.setPort(<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">8080</span>); connector.setSecure(<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">false</span>); connector.setRedirectPort(<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">8443</span>); <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">return</span> connector; }</code>