SpringBoot 实现 https 访问, 并实现 http 访问自动转 https 访问

SpringBoot 实现 https 访问, 并实现 http 访问自动转 https 访问

1. 使用 jdk 自带的 keytools 创建证书

# -alias 产生别名 每个keystore都关联这一个独一无二的alias, 这个alias通常不区分大小写
# -keystore 指定密钥库的名称(产生的各类信息将不在.keystore文件中)
# -validity 指定创建的证书有效期多少天(默认: 90)
# -keysize 指定密钥长度(默认: 1024)
keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore /home/ubuntu/answer/fabric/tomcat.keystore -validity 3650


Enter keystore password:  					# 123456
Re-enter new password: 						# 123456
What is your first and last name?
  [Unknown]:  l
What is the name of your organizational unit?
  [Unknown]:  l
What is the name of your organization?
  [Unknown]:  l
What is the name of your City or Locality?
  [Unknown]:  l
What is the name of your State or Province?
  [Unknown]:  l
What is the two-letter country code for this unit?
  [Unknown]:  l
Is CN=l, OU=l, O=l, L=l, ST=l, C=l correct?
  [no]:  yes

2. 将 生成的 tomcat.keystore 文件复制到项目的 resources 目录下

3. 在 application.properties 文件中添加如下配置

server.port=8888
server.http.port=8080

# 生成的证书文件
server.ssl.key-store=classpath:tomcat.keystore
server.ssl.key-store-type=PKCS12

server.ssl.enabled=true
# 密钥库密码
server.ssl.key-store-password=123456
server.ssl.key-alias=tomcat

4. http 访问自动转 https 访问

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;

public class SpringbootMybatisWebApplication {
    
    @Value("${server.port}")
    private Integer httpsPort;

    @Value("${server.http.port}")
    private Integer httpPort;
    
    
    public static void main(String[] args) {
		SpringApplication.run(SpringbootMybatisWebApplication.class, args);
	}
    
    
    @Bean
    public TomcatServletWebServerFactory servletContainer() {
    //		TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() { ... }

        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(connector());
        return tomcat;
    }

    @Bean
    public Connector connector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(httpPort);
        connector.setSecure(false);
        connector.setRedirectPort(httpsPort);
        return connector;
    }
}

5. 访问验证

https://localhost:8888/smw/user/findUsers

http://localhost:8080/smw/user/findUsers

6. 报错分析

# 启动报错： java.security.NoSuchProviderException: no such provider: PKCS12

# 注释掉 application.properties 中 如下配置
server.ssl.key-store-provider=PKCS12