1- 使用HTTPS连接器,需要生成一份Certificate keystore,用于加密和机密浏览器的SSL沟通
# windows:
keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "d:\\1.keystore"
# linux:
keytool -genkey -alias tomcat -keyalg RSA
# 执行完上述命令后在home目录下多了一个新的.keystore文件
2- 新增属性文件 tomcat.https.properties
类比
<!-- Define an SSL HTTP/1.1 Connector on port 443 -->
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="443" minProcessors="5" maxProcessors="75"
keystoreFile="path.to.keystore"
enableLookups="true"
acceptCount="10" debug="0" scheme="https" secure="true">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="false" protocol="TLS" keystorePass="keystore.password"/>
</Connector>
custom.tomcat.https.port=443
custom.tomcat.https.secure=true
custom.tomcat.https.scheme=https
custom.tomcat.https.ssl=true
custom.tomcat.https.keystore=d:\\1.keystore
custom.tomcat.https.keystore-password=xinli2016
3- 新增配置 JAVA代码
package cn.com.xinli.conf;
import java.io.File;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
@PropertySource("classpath:/tomcat.https.properties")
@EnableConfigurationProperties(WebConfiguration.TomcatSslConnectorProperties.class)
public class WebConfiguration extends WebMvcConfigurerAdapter {
@Bean
public EmbeddedServletContainerFactory servletContainer(TomcatSslConnectorProperties properties) {
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
// SecurityConstraint必须存在,可以通过其为不同的URL设置不同的重定向策略。
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(createSslConnector(properties));
return tomcat;
}
private Connector createSslConnector(TomcatSslConnectorProperties properties) {
Connector connector = new Connector();
properties.configureConnector(connector);
return connector;
}
@ConfigurationProperties(prefix = "custom.tomcat.https")
public static class TomcatSslConnectorProperties {
private Integer port;
private Boolean ssl = true;
private Boolean secure = true;
private String scheme = "https";
private File keystore;
private String keystorePassword;
// 省略 get set
public void configureConnector(Connector connector) {
if (port != null) {
connector.setPort(port);
}
if (secure != null) {
connector.setSecure(secure);
}
if (scheme != null) {
connector.setScheme(scheme);
}
if (ssl != null) {
connector.setProperty("SSLEnabled", ssl.toString());
}
if (keystore != null && keystore.exists()) {
connector.setProperty("keystoreFile", keystore.getAbsolutePath());
connector.setProperty("keystorePass", keystorePassword);
}
}
}
}