Configuring HTTPS Access in Spring Boot


Generating a certificate

  • Create a new certificate
keytool -genkeypair -alias hellowood -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore hellowood.p12 -validity 3650
输入密钥库口令:
再次输入新口令:
您的名字与姓氏是什么?
  [Unknown]:  HellWood
您的组织单位名称是什么?
  [Unknown]:  HelloWood
您的组织名称是什么?
  [Unknown]:  HelloWood
您所在的城市或区域名称是什么?
  [Unknown]:  BJ
您所在的省/市/自治区名称是什么?
  [Unknown]:  BJ
该单位的双字母国家/地区代码是什么?
  [Unknown]:  CN
CN=HellWood, OU=HelloWood, O=HelloWood, L=BJ, ST=BJ, C=CN是否正确?
  [否]:  y

This produces the keystore hellowood.p12, which holds the new key pair and its self-signed certificate.

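  • If you already have a certificate, you can convert it to PKCS12 format. Importing a bare .crt file adds only the certificate; to serve HTTPS the keystore entry must also contain the matching private key, which the -importkeystore form carries over from the existing keystore
keytool -import -alias hellowood -file hellowood.crt -keystore hellowood.p12
# or
keytool -importkeystore -srckeystore hellowood.jks -destkeystore hellowood.p12 -deststoretype pkcs12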
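
As an added example (not code from the original post): a small Java check that the keystore produced by either step above really holds a private-key entry under the alias that server.ssl.key-alias will reference, and that the certificate is currently valid. The class name KeystoreCheck and the KEYSTORE_PASSWORD environment variable are assumptions; the self-signed finding is expected for the keystore generated with -genkeypair.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.List;

public class KeystoreCheck {
    /** Returns the findings for one alias; an empty list means nothing was flagged. */
    static List<String> check(KeyStore ks, String alias) throws Exception {
        List<String> findings = new ArrayList<>();
        if (!ks.containsAlias(alias)) {
            findings.add("alias not found: " + alias);
            return findings;
        }
        // A certificate imported on its own is a trusted-cert entry with no private key.
        if (!ks.isKeyEntry(alias)) {
            findings.add("alias holds only a certificate, no private key");
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        try {
            cert.checkValidity(); // compares notBefore/notAfter with the current time
        } catch (CertificateException e) {
            findings.add("certificate not valid now: " + e.getMessage());
        }
        if (cert.getPublicKey() instanceof RSAPublicKey
                && ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength() < 2048) {
            findings.add("RSA key shorter than 2048 bits");
        }
        if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            findings.add("self-signed: clients will not trust it unless they import it");
        }
        return findings;
    }

    // Assumed usage: KEYSTORE_PASSWORD=... java KeystoreCheck hellowood.p12 hellowood
    public static void main(String[] args) throws Exception {
        String password = System.getenv("KEYSTORE_PASSWORD"); // hypothetical variable name
        if (args.length != 2 || password == null) {
            throw new IllegalArgumentException("need <keystore> <alias> and KEYSTORE_PASSWORD");
        }
        KeyStore ks = KeyStore.getInstance("PKCS12"); // same type as server.ssl.key-store-type
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, password.toCharArray()); // throws IOException on a wrong password
        }
        check(ks, args[1]).forEach(f -> System.out.println("FINDING: " + f));
    }
}
```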

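Configuring HTTPS

  • Add hellowood.p12 to resources/
  • application.properties
# SSL config
server.ssl.key-store-type=PKCS12
server.ssl.key-store=classpath:hellowood.p12
# Example password only; in a real deployment keep the keystore password out of
# version control and supply it from outside this file
server.ssl.key-store-password=123456
server.ssl.key-alias=hellowood
server.ssl.enabled=true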
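  • Add an endpoint
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class BaseController {

    @GetMapping("/")
    public String root() {
        return "HelloWood";
    }
}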
  • Start the application; the log shows that it started with HTTPS
2018-12-31 21:54:07.940  INFO 24001 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (https) with context path ''
  • A request to http://localhost:8080 is rejected with a message saying that HTTPS is required
curl http://localhost:8080/
Bad Request
This combination of host and port requires TLS.
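  • A request to https://localhost:8080 returns HelloWood (--insecure skips certificate verification, which is needed here because the certificate is self-signed)
curl --insecure https://localhost:8080
HelloWood%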

Redirecting HTTP to HTTPS

  • Change the port and add an HTTP port (application.properties)
server.port=8443
server.port.http=8080
  • Add the redirect configuration, ConnectorConfig.java
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ConnectorConfig {

    @Value("${server.port.http}")
    private int serverPortHttp;

    @Value("${server.port}")
    private int serverPortHttps;

    @Bean
    public ServletWebServerFactory servletWebServerFactory() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Require a confidential (TLS) transport for every URL, so that
                // Tomcat redirects plain-HTTP requests to the connector's redirect port
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection securityCollection = new SecurityCollection();
                securityCollection.addPattern("/*");
                securityConstraint.addCollection(securityCollection);
                context.addConstraint(securityConstraint);
            }
        };
        factory.addAdditionalTomcatConnectors(redirectConnector());
        return factory;
    }

    // Additional plain-HTTP connector; requests it receives are redirected to the HTTPS port
    private Connector redirectConnector() {
        Connector connector = new Connector(Http11NioProtocol.class.getName());
        connector.setScheme("http");
        connector.setPort(serverPortHttp);
        connector.setSecure(false);
        connector.setRedirectPort(serverPortHttps);
        return connector;
    }
}
  • Start the application again; the log now lists both the HTTP and the HTTPS port
2018-12-31 22:17:47.113  INFO 24612 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8443 (https) 8080 (http) with context path ''
  • A request to http://localhost:8080 is redirected to https://localhost:8443
curl -v http://localhost:8080
* Rebuilt URL to: http://localhost:8080/
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 302
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Location: https://localhost:8443/
< Content-Length: 0
< Date: Mon, 31 Dec 2018 14:31:44 GMT
<
* Connection #0 to host localhost left intact
  • A request to https://localhost:8443 returns HelloWood as expected
curl https://localhost:8443 --insecure
HelloWood%