Spring Boot: enabling HTTPS access and automatically redirecting HTTP to HTTPS
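© Copyright belongs to the author: an original work by Jaemon, a 51CTO blog author. Contact the author for permission to reprint; otherwise legal liability will be pursued.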
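1. Create a certificate with the keytool utility shipped with the JDK
# -alias     the entry alias; every keystore entry is associated with a unique alias, which is usually case-insensitive
# -keystore  the keystore file to use (entries are written there instead of the default .keystore file)
# -validity  how many days the generated certificate is valid (default: 90)
# -keysize   the key length (default: 1024)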
keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore /home/ubuntu/answer/fabric/tomcat.keystore -validity 3650
Enter keystore password: # 123456
Re-enter new password: # 123456
What is your first and last name?
[Unknown]: l
What is the name of your organizational unit?
[Unknown]: l
What is the name of your organization?
[Unknown]: l
What is the name of your City or Locality?
[Unknown]: l
What is the name of your State or Province?
[Unknown]: l
What is the two-letter country code for this unit?
[Unknown]: l
Is CN=l, OU=l, O=l, L=l, ST=l, C=l correct?
[no]: yes
2. Copy the generated tomcat.keystore file into the project's resources directory
3. Add the following configuration to application.properties
server.port=8888
server.http.port=8080
# The generated keystore file
server.ssl.key-store=classpath:tomcat.keystore
server.ssl.key-store-type=PKCS12
server.ssl.enabled=true
# Keystore password (the one entered in step 1)
server.ssl.key-store-password=123456
server.ssl.key-alias=tomcat
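4. Automatically redirect HTTP access to HTTPS
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;

@SpringBootApplication
public class SpringbootMybatisWebApplication {

    // HTTPS port: the main connector configured through server.port
    @Value("${server.port}")
    private Integer httpsPort;

    // Plain-HTTP port: the custom server.http.port property from application.properties
    @Value("${server.http.port}")
    private Integer httpPort;

    public static void main(String[] args) {
        SpringApplication.run(SpringbootMybatisWebApplication.class, args);
    }

    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        // Spring Boot 1.x used TomcatEmbeddedServletContainerFactory here instead:
        // TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() { ... }
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // CONFIDENTIAL requires an encrypted transport for every URL ("/*"),
                // so Tomcat redirects requests arriving on the HTTP connector
                // to that connector's redirectPort.
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        // Register the additional plain-HTTP connector next to the HTTPS one.
        tomcat.addAdditionalTomcatConnectors(connector());
        return tomcat;
    }

    @Bean
    public Connector connector() {
        // Plain-HTTP connector whose only job is to redirect to the HTTPS port.
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(httpPort);
        connector.setSecure(false);
        connector.setRedirectPort(httpsPort);
        return connector;
    }
}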
5. Verify access
https://localhost:8888/smw/user/findUsers
http://localhost:8080/smw/user/findUsers
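To run the check from step 5 in a terminal rather than a browser, the script below inspects the response headers of the plain-HTTP request and confirms that the answer is a redirect to the HTTPS port, not the page itself. This is an added example, not part of the original post. The helper name check_https_redirect is an assumption; the URL and ports are the ones used above.

```shell
#!/bin/sh
# Added example: verify that a plain-HTTP request is answered with a redirect
# to HTTPS on the expected host and port, instead of with the page itself.
# check_https_redirect is a hypothetical helper name, not part of Spring Boot.
#
# Reads raw response headers on stdin (the output of `curl -sI <url>`).
# Args: $1 = expected host, $2 = expected HTTPS port.
check_https_redirect() {
    want_host=$1
    want_port=$2
    headers=$(tr -d '\r')    # HTTP header lines end in CRLF; drop the CR
    status=$(printf '%s\n' "$headers" | awk 'NR == 1 { print $2 }')
    # Header names are case-insensitive, so compare in lower case.
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1) == "location:" { print $2; exit }')

    case $status in
        301|302|303|307|308) ;;
        *)
            echo "FAIL: status '$status' is not a redirect"
            return 1 ;;
    esac

    # Tomcat omits the port from the Location URL when redirectPort is 443.
    if [ "$want_port" = 443 ]; then
        prefix="https://$want_host"
    else
        prefix="https://$want_host:$want_port"
    fi
    case $location in
        "$prefix"|"$prefix"/*)
            echo "OK: $status -> $location"
            return 0 ;;
        *)
            echo "FAIL: Location '$location' does not point at $prefix"
            return 1 ;;
    esac
}

# Live check, e.g.: sh check.sh http://localhost:8080/smw/user/findUsers localhost 8888
# curl -I sends a HEAD request and does not follow the redirect, so the
# self-signed certificate from step 1 is never validated here.
if [ "$#" -eq 3 ]; then
    curl -sI "$1" | check_https_redirect "$2" "$3"
fi
```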
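6. Error analysis
# Startup error: java.security.NoSuchProviderException: no such provider: PKCS12
# PKCS12 is a keystore type (set with server.ssl.key-store-type), not the name of a security provider.
# Comment out the following setting in application.properties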
server.ssl.key-store-provider=PKCS12