SpringBoot 配置https
1.获取SSL证书
生产环境需要从SSL证书授权中心购买证书,可以在阿里云进行购买:阿里云免费证书申请
本地开发环境可以自己生成证书测试
利用Openssl工具生成证书
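# Install OpenSSL (yum-based distributions)
yum install openssl openssl-devel -y
# Generate a 2048-bit RSA private key.
# The key is written unencrypted: keep it out of version control and readable only by the service account.
openssl genrsa -out server.key 2048
# Create a certificate signing request. C: country, ST: province, L: city, O: organisation, OU: department, CN: site address.
# NOTE: modern clients match the host name against subjectAltName rather than CN; a CN-only
# certificate is adequate for a quick local test only.
openssl req -new -key server.key -out server.csr -subj "/C=CN/ST=Beijing/L=Beijing/O=power Inc./OU=Web Security/CN=power.com"
# Self-sign the request to produce server.crt, which the pkcs12 export below reads.
# A self-signed certificate is for local testing only; in production the CA returns the certificate for the CSR.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# Convert to PKCS#12 so Java can load the certificate and key.
# openssl prompts for an export password; that is the value to configure as server.ssl.key-store-password.
openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.pkcs12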
2.SpringBoot配置
将SSL证书(上一步生成的 server.pkcs12)拷贝到项目根目录下(src同级目录),然后修改application.properties配置文件。注意 server.pkcs12 中包含私钥,不要把它提交到版本库。
# HTTPS listening port
server.port=8443
# Plain-HTTP listening port (custom property, read via @Value in the Java configuration classes).
# NOTE(review): ports below 1024 usually require elevated privileges on Linux - confirm for your deployment.
server.port-http=880
# Keystore holding the certificate and its private key (the page places the file in the project root)
server.ssl.key-store=server.pkcs12
# Keystore password: the export password chosen when the PKCS#12 file was created.
# 123456 is a demo value only. Outside local testing use a strong password and supply it from
# outside this file (environment variable or external configuration) rather than committing it.
server.ssl.key-store-password=123456
# Keystore format
server.ssl.key-store-type=pkcs12
3.配置http跳转到https
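/**
 * Adds a plain-HTTP connector to the embedded Tomcat and redirects every request
 * received on it to the HTTPS port.
 *
 * <p>The redirect is driven by a {@code CONFIDENTIAL} security constraint on {@code /*}:
 * requests that arrive on a connector marked as not secure are sent to the connector's
 * redirect port.
 */
@Component
public class HttpRedirectConfiguration {
    /** HTTPS port ({@code server.port}); used as the redirect target. */
    @Value("${server.port}")
    private int sslPort;

    /** Plain-HTTP port ({@code server.port-http}, 880 when the property is absent). */
    @Value("${server.port-http:880}")
    private int httpPort;

    /**
     * Builds the Tomcat factory with the HTTPS-only constraint and the extra HTTP connector.
     *
     * @return the factory Spring Boot uses to create the embedded Tomcat
     */
    @Bean
    public TomcatServletWebServerFactory servletContainerFactory() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // CONFIDENTIAL = the resource may only be served over a secure transport.
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                // No addMethod() call: an empty method list makes the constraint cover every
                // HTTP method. addMethod() takes HTTP method names; passing DEFAULT_PROTOCOL
                // (a protocol class name) restricts the constraint to a method no client sends,
                // so GET/POST would be served over plain HTTP with no redirect at all.
                // A redirected POST is typically replayed as GET without its body, and the
                // original request has already crossed the network in cleartext, so clients
                // should submit forms and API calls to the HTTPS URL directly.
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        // Scheme reported for requests received on this connector.
        connector.setScheme("http");
        // Requests on this connector report isSecure() == false, which is what makes the
        // CONFIDENTIAL constraint apply to them.
        connector.setSecure(false);
        // Must not collide with a port that is already in use, otherwise startup fails.
        connector.setPort(httpPort);
        // Port that non-SSL requests are redirected to.
        connector.setRedirectPort(sslPort);
        tomcat.addAdditionalTomcatConnectors(connector);
        return tomcat;
    }
}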
4.配置同时支持http和https
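注意:不能和第三步同时配置(两个类都会注册 TomcatServletWebServerFactory Bean)。另外,下面的代码仍然对 /* 设置了 CONFIDENTIAL 约束,因此访问 http 端口的请求会被重定向到 https 端口;如果确实需要 http 直接提供服务,需要去掉该约束,但这样数据会以明文传输,不建议在生产环境使用。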
/**
 * Registers an embedded-Tomcat factory that opens a plain-HTTP connector next to the
 * HTTPS one configured through {@code server.port}.
 *
 * <p>NOTE(review): the {@code CONFIDENTIAL} constraint on {@code /*} lists no HTTP methods, so
 * it covers every request. Requests arriving on the HTTP connector are therefore redirected
 * to the HTTPS port instead of being answered over HTTP.
 */
@Configuration
public class HttpsConfig {
    /** Plain-HTTP port ({@code server.port-http}, 880 when the property is absent). */
    @Value("${server.port-http:880}")
    private Integer httpPort;

    /** HTTPS port ({@code server.port}); used as the redirect target. */
    @Value("${server.port}")
    private Integer httpsPort;

    /**
     * Creates the Tomcat factory (Spring Boot 2 API) with the constraint and the HTTP connector.
     *
     * @return the factory Spring Boot uses to create the embedded Tomcat
     */
    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Every URL, every HTTP method.
                SecurityCollection everything = new SecurityCollection();
                everything.addPattern("/*");

                // Require a secure transport for that collection.
                SecurityConstraint requireTls = new SecurityConstraint();
                requireTls.setUserConstraint("CONFIDENTIAL");
                requireTls.addCollection(everything);
                context.addConstraint(requireTls);
            }
        };
        factory.addAdditionalTomcatConnectors(initiateHttpConnector());
        return factory;
    }

    /**
     * Builds the additional NIO connector that listens on the plain-HTTP port.
     *
     * @return a connector marked as not secure whose redirect port is the HTTPS port
     */
    private Connector initiateHttpConnector() {
        Connector http = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        http.setRedirectPort(httpsPort);
        http.setSecure(false);
        http.setPort(httpPort);
        http.setScheme("http");
        return http;
    }
}