一、使用keytool生成自己的tomcathttps.p12证书,名字可以随便取
keytool -genkey -alias tomcathttps -keyalg RSA -keysize 2048 -keystore tomcathttps.p12 -validity 365
-genkey 表示要创建一个新的密钥
-alias 表示keystore的别名
-keyalg 表示使用的加密算法
-keysize 密钥的长度
-keystore 密钥存放的位置
-validity 密钥有效时间,单位天
注意:提示需要你输入密钥口令。
二、把生成的 tomcathttps.p12,复制到springboot的跟路径,然后在application.properties文件配置。
server.port=8081
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
server.ssl.key-store=tomcathttps.p12
#server.ssl.key-alias=tomcathttps
server.ssl.key-store-password=123456
三、通过https://127.0.0.1:8081访问。
3.1 chrome浏览器访问不了
3.2 使用其他浏览器试试吧,safar浏览器成功访问。
四、配置同时支持http和https访问
4.1 添加一个配置类
package com.tree.securitydemo.config;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* TomcatConfig
*
* @author zhong
* @create 2020-10-11 15:08
* @contact 1478168700@qq.com
**/
@Configuration
public class TomcatConfig {
@Bean
public ServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
// 如果要强制使用https,请松开以下注释
/*SecurityConstraint constraint = new SecurityConstraint();
constraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
constraint.addCollection(collection);
context.addConstraint(constraint);*/
}
};
tomcat.addAdditionalTomcatConnectors(createStandardConnector()); // 添加http
return tomcat;
}
// 配置http
private Connector createStandardConnector() {
// 默认协议为org.apache.coyote.http11.Http11NioProtocol
Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
connector.setSecure(false);
connector.setScheme("http");
connector.setPort(port);
connector.setRedirectPort(httpsPort); // 当http重定向到https时的https端口号
return connector;
}
@Value("${http.port}")
private Integer port;
@Value("${server.port}")
private Integer httpsPort;
}
4.2 更改application.properties文件
添加:http.port=8080
#http port
http.port=8080
#https port
server.port=8081
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
server.ssl.key-store=sang.p12
server.ssl.key-alias=tomcathttps
server.ssl.key-store-password=123456
4.3访问http://127.0.0.1:8080,成功。
4.4 访问https://127.0.0.1:8081,https://127.0.0.1:8081,成功