Configuring HTTPS in Spring Boot 2.x

Configuring HTTPS access in Spring Boot 2.x breaks down into two main steps:
1. Generate an SSL certificate
2. Configure HTTPS access

Generating the SSL certificate

There are two ways to obtain an SSL certificate: (1) get a free SSL certificate through Alibaba Cloud, or (2) generate one with a command.

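Because the Alibaba Cloud option requires supplying a domain name, this walkthrough uses option (2): generating the SSL certificate with a command.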

  • Create a certificate directory, for example D:\sslca, open a cmd window and change to D:\sslca
  • Generate the server certificate
keytool -genkey -alias tomat -keypass 12345678 -keyalg RSA -keysize 2048 -validity 365 -keystore ./tomcat.keystore -storepass 12345678
  • Generate the client certificate
keytool -genkey -alias client -keypass 12345678 -keyalg RSA -keysize 2048 -validity 365 -storetype PKCS12 -keystore ./client.p12 -storepass 12345678

Configuring HTTPS access

  1. Open an existing Spring Boot project

  2. Copy the certificate file client.p12 into the resources directory

  3. Edit application.yml

server:
  port: 8443 # HTTPS port
  ssl:
    key-alias: client
    key-store-password: 12345678
    key-store-type: PKCS12
    key-store: D:\personal_workspace\https-demo\src\main\resources\client.p12
  4. Modify the startup class
package com.example.demo;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;

@SpringBootApplication
public class DemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

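    // Require a confidential (TLS) transport for every URL, so requests that
    // arrive on the HTTP connector are redirected to its redirectPort.
    @Bean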
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
                super.postProcessContext(context);
            }
        };
        tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
        return tomcat;
    }

    // Additional plain-HTTP connector on 8080 that redirects to the HTTPS port 8443.
    private Connector initiateHttpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);
        connector.setSecure(false);
        connector.setRedirectPort(8443);
        return connector;
    }


}

  5. Start the Spring Boot project
  6. Open https://localhost:8443/hello/world?name=234234234 in a browser

To support both HTTPS and HTTP, configure as follows

  • Edit application.yml and add the HTTP port setting
server:
  port: 8443
  http:
    port: 8080
  ssl:
    key-alias: client
    key-store-password: 12345678
    key-store-type: PKCS12
    key-store: D:\personal_workspace\https-demo\src\main\resources\client.p12
  • Restore the startup class (WebsitebackApplication.java): delete or comment out the servletContainer and initiateHttpConnector methods
  • Add the configuration class TomcatConfig.java
package com.example.demo.config;

import org.apache.catalina.connector.Connector;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
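import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class TomcatConfig {
    @Value("${server.http.port}")
    private int httpPort;

    // Must be registered as a bean; otherwise Spring Boot never uses this
    // factory and the additional HTTP connector is not created.
    @Bean
    public ServletWebServerFactory servletWebServerFactory() {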
        TomcatServletWebServerFactory tomcatServletWebServerFactory = new TomcatServletWebServerFactory();
        tomcatServletWebServerFactory.addAdditionalTomcatConnectors(createStandardConnector());
        return tomcatServletWebServerFactory;
    }

    private Connector createStandardConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setPort(httpPort);
        return connector;
    }
}

ok
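
The first configuration redirects requests on port 8080 to HTTPS on 8443, while the second serves the application on both ports, so requests to 8080 are answered in plaintext. The check below is an added example, not code from the original post, that tells the two behaviours apart; the class name HttpRedirectCheck and its Result enum are hypothetical, and the ports and URL are the ones used above.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;

// Added example (hypothetical class): reports how the plain-HTTP port answers.
public class HttpRedirectCheck {

    enum Result { REDIRECTS_TO_HTTPS, SERVES_PLAINTEXT, OTHER }

    // Classify one response from the HTTP port by status code and Location header.
    static Result classify(int status, String location, int httpsPort) {
        if (status >= 300 && status < 400 && location != null) {
            URI target = URI.create(location);
            int port = target.getPort() == -1 ? 443 : target.getPort();
            boolean https = "https".equalsIgnoreCase(target.getScheme());
            return https && port == httpsPort ? Result.REDIRECTS_TO_HTTPS : Result.OTHER;
        }
        // 2xx, 4xx and 5xx all mean the request was processed over plaintext.
        boolean handled = (status >= 200 && status < 300) || status >= 400;
        return handled ? Result.SERVES_PLAINTEXT : Result.OTHER;
    }

    // Send one request to the HTTP port without following redirects.
    static Result probe(String url, int httpsPort) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
        conn.setInstanceFollowRedirects(false); // inspect the redirect itself
        conn.setConnectTimeout(3000);
        conn.setReadTimeout(3000);
        try {
            return classify(conn.getResponseCode(), conn.getHeaderField("Location"), httpsPort);
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) {
        // Constructed sample responses, so the classifier can be seen without a server.
        System.out.println(classify(302, "https://localhost:8443/hello/world?name=234234234", 8443));
        System.out.println(classify(200, null, 8443));
        try {
            System.out.println("live: " + probe("http://localhost:8080/hello/world?name=234234234", 8443));
        } catch (IOException e) {
            System.out.println("live: no answer on 8080 (" + e.getMessage() + ")");
        }
    }
}
```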
