Springboot 应用支持https协议

1、背景：

A、项目需要提供对外restful接口且支持https协议。
B、项目使用服务器为tomcat服务器，如果使用nginx服务器可以使用nginx配置来实现https的访问。

2、步骤（支持https，且http自动跳转到https的配置步骤）

要想支持https协议需要相应签名的SSL证书，在本地测试时可自己用javatool生成。
step 1、打开控制台输入：

keytool -genkey -alias tomcat  -storetype PKCS12 -keyalg RSA -keysize 2048  -keystore keystore.p12 -validity 3650

按提示输入相关信息即可，输入完成之后会在当前路径生成证书。

step 2、把证书复制到项目里，我是放到了这里

step 3、配置properties

server.port=8443
server.http.port=8091

server.ssl.key-store=keystore.p12
server.ssl.key-store-password=liuniukeji
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat

step 4、添加配置类

@Configuration
public class HttpsConfig {

    /**
     * spring boot 2.0
     * @return
     */
    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint constraint = new SecurityConstraint();
                constraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                constraint.addCollection(collection);
                context.addConstraint(constraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(httpConnector());
        return tomcat;
    }

    @Bean
    public Connector httpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        //Connector监听的http的端口号
        connector.setPort(8091);
        connector.setSecure(false);
        //监听到http的端口号后转向到的https的端口号
        connector.setRedirectPort(8443);
        return connector;
    }

}

3、步骤（同时支持https，http的配置步骤）

step 1、同2中的step 1
step 2、把证书复制到resources目录下

step 3、配置properties

## server配置
server.port=8091
        
# 配置SSL
https.ssl.enable=true
# resources目录下的证书名
https.ssl.key-store=keystore.p12
# 证书密码
https.ssl.key-store-password=liuniukeji
# 密钥仓库类型
https.ssl.keyStoreType=PKCS12
# https端口
https.ssl.port=8443

step 4、添加配置类

@Configuration
public class HttpsConfig {

    private Logger logger = LoggerFactory.getLogger(getClass());

    @Value("${https.ssl.port}")
    private Integer tomcatSSLPort;

    @Value("${https.ssl.enable}")
    private boolean sslEnabled;

    @Value("${https.ssl.key-store}")
    private String tomcatSSLKeyStore;

    @Value("${https.ssl.key-store-password}")
    private String keystorePassword;

    @Value("${https.ssl.keyStoreType}")
    private String keystoreType;

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        tomcat.addAdditionalTomcatConnectors(createSSLConnector());
        return tomcat;
    }

    private Connector createSSLConnector() {
        Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
        try {
            File keystore = new ClassPathResource(tomcatSSLKeyStore).getFile();
            connector.setPort(tomcatSSLPort);
            connector.setSecure(true);
            connector.setScheme("https");
            connector.setAttribute("SSLEnabled", true);
            connector.setAttribute("sslProtocol", "TLS");
            connector.setAttribute("clientAuth", false);
            connector.setAttribute("keystoreFile", keystore.getAbsolutePath());
            connector.setAttribute("keystoreType", keystoreType);
            connector.setAttribute("keystorePass", keystorePassword);
            connector.setAttribute("keyPass", keystorePassword);
        } catch (Exception e) {
            logger.error("HttpsConfig异常 error", e);
        }
        return connector;
    }
}

配置完成之后，启动项目，控制台输出：
Tomcat started on port(s): 8091 (http) 8443 (https) with context path ‘’

PS：如果博文有写的不对或者有更好的方式，欢迎大家评论或者私信指正。