spring-boot内嵌三大容器https设置
spring-boot默认的内嵌容器为tomcat,除了tomcat之前还可以设置jetty和undertow。
1.设置https
spring-boot默认http端口为8080,可以在配置文件中通过server.port来修改端口值。
server:
port: 8080
设置https访问只需通过增加配置信息:
server:
port: 8080
ssl:
key-store: classpath:https.jks
key-store-type: JKS
key-store-password: 123456
不过这样设置后http访问不了,只能使用https访问了。我们当然是希望能够兼容,最好是http请求能够自动跳转到https。所以我们增加一个自定义的配置项http.port(因为增加了https访问,所以server.port端口属性被https使用,故增加http端口)
http:
port: 80
server:
port: 443
ssl:
key-store: classpath:https.jks
key-store-type: JKS
key-store-password: 123456
这样配置后,我们希望无论是http://localhost还是https://localhost都能正常访问项目,而且http://localhost还能自动跳转到https://localhost
2.tomcat
spring-boot内嵌容器默认为tomcat,所以我们无需引用其他依赖即可使用
增加配置类
package com.github.yvanchen;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.servlet.Servlet;
/**
* @author evan.chen
* @date 2019/11/25 10:29
*/
@Configuration
public class TomcatHttpsConfig {
@Value("${server.port}")
protected int httpsPort;
@Value("${http.port}")
protected int httpPort;
@Bean
public ServletWebServerFactory servletWebServerFactory() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
//开启HTTP自动跳转至HTTPS
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
Connector connector = new Connector();
connector.setPort(httpPort);
connector.setRedirectPort(httpsPort);
tomcat.addAdditionalTomcatConnectors(connector);
return tomcat;
}
}
3.jetty
需要排除默认tomcat,增加jetty
org.springframework.boot
spring-boot-starter-web
org.springframework.boot
spring-boot-starter-tomcat
org.springframework.boot
spring-boot-starter-jetty
增加配置类
package com.github.yvanchen;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.webapp.AbstractConfiguration;
import org.eclipse.jetty.webapp.WebAppContext;
import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* @author evan.chen
* @date 2019/11/25 10:29
*/
@Configuration
public class JettyHttpsConfig {
@Value("${server.port}")
protected int httpsPort;
@Value("${http.port}")
protected int httpPort;
@Bean
public ServletWebServerFactory servletWebServerFactory() {
JettyServletWebServerFactory jetty = new JettyServletWebServerFactory();
jetty.addConfigurations(new AbstractConfiguration() {
@Override
public void configure(WebAppContext context) {
Constraint constraint = new Constraint();
constraint.setDataConstraint(2);
ConstraintMapping constraintMapping = new ConstraintMapping();
constraintMapping.setPathSpec("/*");
constraintMapping.setConstraint(constraint);
ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
constraintSecurityHandler.addConstraintMapping(constraintMapping);
context.setSecurityHandler(constraintSecurityHandler);
}
});
jetty.addServerCustomizers((Server server) -> {
HttpConfiguration http = new HttpConfiguration();
http.setSecurePort(httpsPort);
ServerConnector connector = new ServerConnector(server);
connector.addConnectionFactory(new HttpConnectionFactory(http));
connector.setPort(httpPort);
server.addConnector(connector);
});
return jetty;
}
}
3.undertow
需要排除默认tomcat,增加undertow
org.springframework.boot
spring-boot-starter-web
org.springframework.boot
spring-boot-starter-tomcat
org.springframework.boot
spring-boot-starter-undertow
增加配置类
package com.github.yvanchen;
import io.undertow.Undertow;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.api.TransportGuaranteeType;
import io.undertow.servlet.api.WebResourceCollection;
import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* @author evan.chen
* @date 2019/11/25 10:29
*/
@Configuration
public class UndertowHttpsConfig {
@Value("${server.port}")
protected int httpsPort;
@Value("${http.port}")
protected int httpPort;
@Bean
public ServletWebServerFactory servletWebServerFactory() {
UndertowServletWebServerFactory undertow = new UndertowServletWebServerFactory();
undertow.addBuilderCustomizers((Undertow.Builder builder) -> {
builder.addHttpListener(httpPort, "0.0.0.0");
});
undertow.addDeploymentInfoCustomizers(deploymentInfo -> {
// 开启HTTP自动跳转至HTTPS
deploymentInfo.addSecurityConstraint(new SecurityConstraint()
.addWebResourceCollection(new WebResourceCollection().addUrlPattern("/*"))
.setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL)
.setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
.setConfidentialPortManager(exchange -> httpsPort);
});
return undertow;
}
}
总结
以上就是对三大内嵌容器设置https的过程