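This article briefly covers configuring an SSL certificate in a Spring Boot project and nothing else.
Prerequisite: first purchase an SSL certificate from Tencent Cloud, Alibaba Cloud, or another legitimate provider. Download the certificate with the .jks suffix to your local machine. If no password was set, the downloaded archive will also contain a temporary key file (the temporary password).
- 1. Place the .jks certificate file in the resource directory under the project root
- 2. Configure SSL in the application.yml configuration file
Once these two steps are done, the SSL certificate is configured; after startup you can see that the communication protocol has changed to HTTPS.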
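A possible `application.yml` for step 2, added here as an example and not taken from the original post. The keystore file name and the environment variable name are placeholders, and port 8080 is assumed as the HTTPS port because the connector code in this post redirects to it.

```yaml
# Added example: the file name, variable name and port are assumptions.
server:
  port: 8080                                    # HTTPS port; the HTTP connector in this post redirects here
  ssl:
    enabled: true
    key-store: classpath:your-domain.jks        # placeholder name for the downloaded .jks file
    key-store-type: JKS
    key-store-password: ${SSL_KEYSTORE_PASSWORD} # hypothetical env variable; keeps the password out of the repository
    enabled-protocols: TLSv1.2,TLSv1.3          # refuse older TLS/SSL protocol versions
```

If the provider generated the password for you, the value to supply is the one in the temporary key file from the downloaded archive.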
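==》 The next step is to have Tomcat open more than one type of port:
Access over both HTTP and HTTPS. (Add two bean objects to the Spring Boot startup class. They must be in the Spring Boot main startup class.)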
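```java
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;

// The class name is a placeholder; put the two beans in your own main startup class.
@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

    @Bean
    public TomcatServletWebServerFactory tomcatServletWebServerFactory() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // CONFIDENTIAL requires an encrypted transport for every matching URL,
                // so Tomcat redirects plain-HTTP requests to the connector's redirect port.
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection securityCollection = new SecurityCollection();
                securityCollection.addPattern("/*");
                securityConstraint.addCollection(securityCollection);
                context.addConstraint(securityConstraint);
            }
        };
        // Register the extra plain-HTTP connector next to the default HTTPS one.
        factory.addAdditionalTomcatConnectors(httpConnector());
        return factory;
    }

    @Bean
    public Connector httpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11Nio2Protocol");
        connector.setScheme("http");
        connector.setPort(8081); // HTTP port to listen on
        connector.setSecure(false);
        connector.setRedirectPort(8080); // requests received on the HTTP port are redirected to this HTTPS port
        return connector;
    }
}
```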
==ok!== That's all.