Tech Community [Yunqi]
HTTPS for a Spring project
Introduction
SSL (Secure Sockets Layer) is a security protocol that provides confidentiality and data integrity for network communication; it encrypts traffic at the transport layer. The protocol consists of two layers. The SSL Record Protocol sits directly on TCP and provides encapsulation, compression and encryption for the higher-level protocols. The SSL Handshake Protocol runs on top of the Record Protocol and, before any application data is sent, lets the two parties authenticate each other, negotiate the encryption algorithms and exchange keys.
Steps
Generating a certificate
keytool, the certificate management tool bundled with the JDK, can be used to generate a self-signed certificate.
```shell
# Interactive: prompts for the DN fields and the keystore password, writes ~/.keystore
keytool -genkey -alias tomcat
# Same, but with an RSA key pair and an explicit keystore file
keytool -genkey -alias tomcat -keyalg "RSA" -keystore "test.keystore"
# List the entries in a keystore
keytool -list -keystore test.keystore
# Remove the entry again (prompts for the keystore password)
keytool -delete -alias tomcat
```
When the command completes, a .keystore file is generated in the current ==user home directory==; copy it into the resources directory.
Spring Boot configuration
```properties
# Keystore for the default (HTTPS) connector. Password and alias must match what keytool created above;
# the file lives on the classpath because it was copied into resources, hence the classpath: prefix.
server.ssl.key-store = classpath:.keystore
server.ssl.key-store-password = 123456
server.ssl.key-store-type = JKS
server.ssl.key-alias = tomcat
```
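Two things go wrong silently in the certificate and property steps above: a misspelled server.ssl.* key is ignored without any error (Spring Boot's relaxed binding accepts key-store-type, keyStoreType and KEY_STORE_TYPE, but not a typo), and an interactive keytool run leaves the DN, validity and subject alternative names to whatever was typed. The following Python is an added example, not code from the original post: it lints the four property lines the post shows and builds an unattended keytool command line. The property names are Spring Boot's; the function names, the KNOWN_SSL_KEYS list, the weak-password list and both sample property files are this example's own assumptions.

```python
"""Lint server.ssl.* properties and build an unattended keytool command.
Added example, not code from the original post."""
import re
import shutil
import subprocess
from typing import Dict, List, Optional

# Relaxed binding: server.ssl.key-store-type, server.ssl.keyStoreType and
# SERVER_SSL_KEY_STORE_TYPE are one property, so compare in canonical form.
# This list is our own summary of the Boot 1.x server.ssl.* names (assumption).
KNOWN_SSL_KEYS = {
    "enabled", "keystore", "keystorepassword", "keystoretype", "keystoreprovider",
    "keyalias", "keypassword", "truststore", "truststorepassword", "truststoretype",
    "truststoreprovider", "protocol", "enabledprotocols", "ciphers", "clientauth",
}
WEAK_PASSWORDS = {"changeit", "123456", "password", "secret"}  # constructed list


def canonical(key: str) -> str:
    """Relaxed-binding form of a property name: no dashes/underscores, lower case."""
    return re.sub(r"[-_]", "", key).lower()


def parse_properties(text: str) -> Dict[str, str]:
    """Tiny .properties reader: 'key = value', 'key: value' or a bare key; # comments."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def lint_ssl_properties(text: str) -> List[str]:
    """One finding per server.ssl.* line that would misbehave without an error."""
    findings: List[str] = []
    for key, value in parse_properties(text).items():
        if not key.startswith("server.ssl."):
            continue
        short = canonical(key[len("server.ssl."):])
        if short not in KNOWN_SSL_KEYS:
            findings.append(f"{key}: not a Spring Boot property (typo?), it is ignored without error")
        elif not value:
            findings.append(f"{key}: no value given")
        elif short == "keystore" and not value.startswith(("classpath:", "file:")):
            findings.append(f"{key}: use classpath:/file: so the store is found regardless of working directory")
        elif short.endswith("password") and value.lower() in WEAK_PASSWORDS:
            findings.append(f"{key}: default/weak password, inject it (e.g. ${{KEYSTORE_PASSWORD}}) instead")
        elif short.endswith("type") and value.upper() == "JKS":
            findings.append(f"{key}: JKS is a legacy Java-only format, prefer PKCS12")
    return findings


def keytool_genkeypair(alias: str, keystore: str, password: str, cn: str,
                       sans: List[str], days: int = 365) -> List[str]:
    """argv for an unattended self-signed RSA-2048 key pair in a PKCS12 store.
    sans entries use keytool's own syntax ("dns:localhost", "ip:127.0.0.1");
    browsers match the host name against the SAN, not the CN."""
    return [
        "keytool", "-genkeypair", "-alias", alias, "-keyalg", "RSA", "-keysize", "2048",
        "-validity", str(days), "-storetype", "PKCS12", "-keystore", keystore,
        "-storepass", password, "-dname", f"CN={cn}", "-ext", "SAN=" + ",".join(sans),
    ]


def run_keytool(argv: List[str]) -> Optional[bool]:
    """Run the command when a JDK is on PATH; None if keytool is not installed."""
    if shutil.which("keytool") is None:
        return None
    return subprocess.run(argv, check=False).returncode == 0


# Constructed sample: the four property lines from the post, verbatim.
POST_PROPERTIES = """\
server.ssl.key-store = .keystore
server.ssl.key-store-password = 123456
server.ssl.keyStroreType = JKS
server.ssl.keyAlias
"""

# Constructed sample: a hardened version of the same file.
HARDENED_PROPERTIES = """\
server.ssl.key-store = classpath:keystore.p12
server.ssl.key-store-password = ${KEYSTORE_PASSWORD}
server.ssl.key-store-type = PKCS12
server.ssl.key-alias = tomcat
"""

if __name__ == "__main__":
    for finding in lint_ssl_properties(POST_PROPERTIES):
        print("finding:", finding)
    print("hardened file:", lint_ssl_properties(HARDENED_PROPERTIES) or "clean")
    cmd = keytool_genkeypair("tomcat", "keystore.p12", "change-me-at-deploy", "localhost",
                             ["dns:localhost", "ip:127.0.0.1"])
    print("keytool run:", run_keytool(cmd))
```

Run against the post's own four lines the linter reports all of them: the bare `.keystore` path, the default password, the `keyStroreType` key that binds to nothing, and the alias line with no value; the hardened file passes. The keytool invocation needs no prompts, so it can be scripted and reviewed; on a machine without a JDK `run_keytool` simply reports `None`.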
Serving HTTP and HTTPS together
```java
import java.io.File;
import java.io.IOException;

import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;

@Configuration
public class HttpsConnectorConfig {

    // These must match what keytool produced in the step above (file name, store password, key alias).
    private static final String KEYSTORE = "keystore";
    private static final String STORE_PASSWORD = "changeit";
    private static final String KEY_ALIAS = "apitester";

    // Spring Boot 1.x API: the default connector stays plain HTTP (server.port); this adds an HTTPS one on 8443.
    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
        tomcat.addAdditionalTomcatConnectors(createSslConnector());
        return tomcat;
    }

    private Connector createSslConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
        try {
            // getFile() only works from an exploded classpath, not from inside a packaged jar.
            File keystore = new ClassPathResource(KEYSTORE).getFile();
            File truststore = new ClassPathResource(KEYSTORE).getFile(); // same file reused as truststore
            connector.setScheme("https");
            connector.setSecure(true);
            connector.setPort(8443);
            protocol.setSSLEnabled(true);
            protocol.setKeystoreFile(keystore.getAbsolutePath());
            protocol.setKeystorePass(STORE_PASSWORD);
            protocol.setTruststoreFile(truststore.getAbsolutePath());
            protocol.setTruststorePass(STORE_PASSWORD);
            protocol.setKeyAlias(KEY_ALIAS);
            return connector;
        } catch (IOException ex) {
            throw new IllegalStateException("can't access keystore: [" + KEYSTORE
                    + "] or truststore: [" + KEYSTORE + "]", ex);
        }
    }
}
```
Automatically redirecting HTTP to HTTPS
```java
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class HttpsRedirectConfig {

    // Replaces the servletContainer bean above. The default connector must now be the HTTPS one
    // (server.port=8443 plus the server.ssl.* properties); an extra plain-HTTP connector on 8080
    // redirects every request to it.
    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // CONFIDENTIAL = the transport must be encrypted; for a plain-HTTP request Tomcat
                // answers with a redirect to the connector's redirectPort instead of serving it.
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
        return tomcat;
    }

    private Connector initiateHttpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);
        connector.setSecure(false);
        connector.setRedirectPort(8443); // where the CONFIDENTIAL redirect sends the client
        return connector;
    }
}
```
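Once the HTTP connector and the CONFIDENTIAL constraint are in place, the thing worth verifying is that port 8080 never serves content in the clear: every request must come back as a 3xx whose Location is the same host, path and query on https://host:8443. The following Python is an added example, not code from the original post or from Spring or Tomcat. `https_redirect_location` reproduces the Location Tomcat builds for a CONFIDENTIAL constraint, `check_http_redirects` is the one-request check a practitioner would run against the real application, and because Tomcat is not available here a small stand-in server plays the part of the HTTP connector so the check can be exercised offline. Host names, ports and function names are this example's own assumptions.

```python
"""Check that a plain-HTTP port redirects to HTTPS instead of serving content.
Added example, not code from the original post."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit


def https_redirect_location(host_header: str, request_uri: str, redirect_port: int = 8443) -> str:
    """Location Tomcat sends for a CONFIDENTIAL constraint: same host name as the
    request's Host header, the connector's redirectPort, same path and query."""
    host = urlsplit("//" + host_header).hostname or "localhost"
    if ":" in host:              # IPv6 literal must be re-bracketed in a URL
        host = f"[{host}]"
    port = "" if redirect_port == 443 else f":{redirect_port}"
    return f"https://{host}{port}{request_uri}"


class RedirectingHandler(BaseHTTPRequestHandler):
    """Stand-in for the HTTP connector with redirectPort=8443 (constructed, not Tomcat)."""

    def do_GET(self) -> None:
        self.send_response(302)
        self.send_header("Location", https_redirect_location(self.headers.get("Host", "localhost"), self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args) -> None:  # keep the demo quiet
        pass


def serve_fake_connector(port: int = 0) -> HTTPServer:
    """Start the stand-in on 127.0.0.1 (port 0 = pick a free one) in a daemon thread."""
    server = HTTPServer(("127.0.0.1", port), RedirectingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def check_http_redirects(host: str, port: int, path: str = "/") -> dict:
    """One GET to the plain-HTTP port; passes only for a 3xx with an https:// Location."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": f"{host}:{port}"})
        resp = conn.getresponse()
        location = resp.getheader("Location") or ""
        resp.read()
    finally:
        conn.close()
    return {
        "status": resp.status,
        "location": location,
        "ok": 300 <= resp.status < 400 and location.startswith("https://"),
    }


if __name__ == "__main__":
    # Against a real deployment replace the stand-in with ("your-host", 8080).
    srv = serve_fake_connector()
    try:
        print(check_http_redirects("127.0.0.1", srv.server_address[1], "/login?next=%2F"))
    finally:
        srv.shutdown()
```

The check deliberately follows no redirects: a 200 on port 8080 (the constraint missing or the pattern not covering the path) or a Location that still starts with http:// both fail. Point it at the real application on port 8080 after deployment; the stand-in exists only so the script can be run and tested without Tomcat.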
Q&A
After SSL is enabled, the page opened in the browser may come back empty. This is mostly a certificate problem: some browsers do not warn about a certificate issue and simply block the connection as insecure instead, so try a different browser.
Last updated: 2017-08-13 22:20:43