关于springboot 配置ssl 进行https访问
关于springboot 配置ssl 进行https访问
springboot版本:2.1.7.RELEASE
内置tomcat版本:9.0.12
jdk:1.8
生成证书
- 在cmd中输入:keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650,前提是配置好了jdk环境。在当前目录将会生成一个后缀为p12的文件,将其拷贝到springboot 的根目录下(resoure下也可以)在application.properties中配置:
server.ssl.key-store =classpath:keystore.p12
#你之前填好的密码
server.ssl.key-store-password=123456
#加入下面的一行代码会出错,原因未知 ,可能是内置tomcat不支持
#server.ssl.keyStoreType= PKCS12
server.ssl.keyAlias:tomcat
如果你还想进行http访问,以下配置将会让http访问直接跳转到https:
@Configuration
public class HttpsConfig {
//注意springboot2的变化
@Bean
public TomcatServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory factory= new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
factory.addAdditionalTomcatConnectors(initiateHttpConnector());
return factory;
}
private Connector initiateHttpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(8080);
connector.setSecure(false);
connector.setRedirectPort(8443);
return connector;
}
}
接下来就是编写controller进行test,此处省略。。。
过程中所遇到的问题:
1、注意空格,编写配置信息时注意不要有空格,尤其是每句的后面,否则会出现不可预知的错误。
2、在进步配置好了后进行访问时,会出现https 访问报错的情况:
java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.SSL.renegotiatePending(J)I
at org.apache.tomcat.jni.SSL.renegotiatePending(Native Method) ~[tomcat-embed-core-9.0.22.jar:9.0.22]
at org.apache.tomcat.util.net.openssl.OpenSSLEngine.getHandshakeStatus(OpenSSLEngine.java:1037) ~[tomcat-embed-core-9.0.22.jar:9.0.22]
at org.apache.tomcat.util.net.openssl.OpenSSLEngine.wrap(OpenSSLEngine.java:458) ~[tomcat-embed-core-9.0.22.jar:9.0.22]
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) ~[na:1.8.0_181]
at org.apache.tomcat.util.net.SecureNioChannel.handshakeWrap(SecureNioChannel.java:460) ~[tomcat-embed-core-9.0.22.jar:9.0.22]
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:211) ~[tomcat-embed-core-9.0.22.jar:9.0.22]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1564) ~[tomcat-embed-core-9.0.22.jar:9.0.22]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.22.jar:9.0.22]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_181]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_181]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.22.jar:9.0.22]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_181]
这种可能与tomcat 版本有关,在pom中加入依赖:
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>9.0.12</version>
</dependency>
《
就可以了