Spring Boot工程支持HTTP和HTTPS，HTTP重定向HTTPS

2019独角兽企业重金招聘Python工程师标准>>>

1- 使用HTTPS连接器，需要生成一份Certificate keystore，用于加密和机密浏览器的SSL沟通

# windows:
keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "d:\\1.keystore"

# linux:
keytool -genkey -alias tomcat -keyalg RSA
# 执行完上述命令后在home目录下多了一个新的.keystore文件

2- 新增属性文件 tomcat.https.properties

    类比

<!-- Define an SSL HTTP/1.1 Connector on port 443 -->
<Connector className="org.apache.catalina.connector.http.HttpConnector" 
port="443" minProcessors="5" maxProcessors="75"
keystoreFile="path.to.keystore"
enableLookups="true"
acceptCount="10" debug="0" scheme="https" secure="true">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="false" protocol="TLS" keystorePass="keystore.password"/>
</Connector>

custom.tomcat.https.port=443
custom.tomcat.https.secure=true
custom.tomcat.https.scheme=https
custom.tomcat.https.ssl=true
custom.tomcat.https.keystore=d:\\1.keystore
custom.tomcat.https.keystore-password=xinli2016

3- 新增配置 JAVA代码

package cn.com.xinli.conf;

import java.io.File;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
@PropertySource("classpath:/tomcat.https.properties")
@EnableConfigurationProperties(WebConfiguration.TomcatSslConnectorProperties.class)
public class WebConfiguration extends WebMvcConfigurerAdapter {

	@Bean
	public EmbeddedServletContainerFactory servletContainer(TomcatSslConnectorProperties properties) {
		TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
			@Override
			protected void postProcessContext(Context context) {
				// SecurityConstraint必须存在，可以通过其为不同的URL设置不同的重定向策略。
				SecurityConstraint securityConstraint = new SecurityConstraint();
				securityConstraint.setUserConstraint("CONFIDENTIAL");
				SecurityCollection collection = new SecurityCollection();
				collection.addPattern("/*");
				securityConstraint.addCollection(collection);
				context.addConstraint(securityConstraint);
			}
		};
		tomcat.addAdditionalTomcatConnectors(createSslConnector(properties));
		return tomcat;
	}

	private Connector createSslConnector(TomcatSslConnectorProperties properties) {
		Connector connector = new Connector();
		properties.configureConnector(connector);
		return connector;
	}

	@ConfigurationProperties(prefix = "custom.tomcat.https")
	public static class TomcatSslConnectorProperties {
		private Integer port;
		private Boolean ssl = true;
		private Boolean secure = true;
		private String scheme = "https";
		private File keystore;
		private String keystorePassword;

		// 省略 get set
		
		public void configureConnector(Connector connector) {
			if (port != null) {
				connector.setPort(port);
			}
			if (secure != null) {
				connector.setSecure(secure);
			}
			if (scheme != null) {
				connector.setScheme(scheme);
			}
			if (ssl != null) {
				connector.setProperty("SSLEnabled", ssl.toString());
			}
			if (keystore != null && keystore.exists()) {
				connector.setProperty("keystoreFile", keystore.getAbsolutePath());
				connector.setProperty("keystorePass", keystorePassword);
			}
		}

	}

}

转载于:https://my.oschina.net/freegarden/blog/609975