Spring Boot工程支持HTTP和HTTPS,HTTP重定向HTTPS
rc0547
9年前
来自: http://my.oschina.net/freegarden/blog/609975
1- 使用HTTPS连接器,需要生成一份Certificate keystore,用于加密和解密与浏览器之间的SSL通信
# windows: keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "d:\\1.keystore" # linux: keytool -genkey -alias tomcat -keyalg RSA # 执行完上述命令后在home目录下多了一个新的.keystore文件
2- 新增属性文件 tomcat.https.properties
类比
<!-- Define an SSL HTTP/1.1 Connector on port 443 -->
<!-- NOTE(review): the className / nested Factory form looks like legacy Tomcat syntax; confirm it against the Tomcat version in use. -->
<!-- keystoreFile (here) and keystorePass (on the Factory) appear to be placeholders for the real keystore path and password. -->
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="443" minProcessors="5" maxProcessors="75"
           keystoreFile="path.to.keystore"
           enableLookups="true" acceptCount="10" debug="0"
           scheme="https" secure="true">
  <!-- clientAuth="false": the server does not ask clients for a certificate (server-authenticated TLS only). -->
  <!-- NOTE(review): protocol="TLS" does not pin a minimum protocol version here; confirm which versions the runtime actually enables. -->
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystorePass="keystore.password"/>
</Connector>
# Settings for the additional HTTPS connector. The Java configuration below loads
# this file from the classpath and binds the custom.tomcat.https.* keys to
# TomcatSslConnectorProperties.

# NOTE(review): on most Unix-like systems binding a port below 1024 needs elevated
# privileges; confirm how the process is started before using 443.
custom.tomcat.https.port=443
custom.tomcat.https.secure=true
custom.tomcat.https.scheme=https
custom.tomcat.https.ssl=true

# "\\" is an escaped backslash in .properties syntax, so this is d:\1.keystore.
custom.tomcat.https.keystore=d:\\1.keystore

# NOTE(review): this is a clear-text password inside a classpath resource, so anyone
# who can read the repository or the packaged jar can read it. Treat the value as an
# example only; supply the real one from outside the artifact (environment variable
# or external configuration) and restrict read access to the keystore file itself.
custom.tomcat.https.keystore-password=xinli2016
3- 新增配置 JAVA代码
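package cn.com.xinli.conf;

import java.io.File;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

/**
 * Adds an HTTPS connector to the embedded Tomcat container and declares every URL
 * as requiring a confidential transport, so plain-HTTP requests are redirected to HTTPS.
 *
 * <p>Connector settings are read from {@code classpath:/tomcat.https.properties}
 * under the {@code custom.tomcat.https} prefix.
 */
@Configuration
@PropertySource("classpath:/tomcat.https.properties")
@EnableConfigurationProperties(WebConfiguration.TomcatSslConnectorProperties.class)
public class WebConfiguration extends WebMvcConfigurerAdapter {

    /**
     * Builds the embedded Tomcat factory with the extra HTTPS connector attached.
     *
     * @param properties bound {@code custom.tomcat.https.*} settings
     * @return the customised container factory
     */
    @Bean
    public EmbeddedServletContainerFactory servletContainer(TomcatSslConnectorProperties properties) {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // A SecurityConstraint must be present; it can also be used to give
                // different URL patterns different redirect policies.
                SecurityConstraint securityConstraint = new SecurityConstraint();
                // CONFIDENTIAL is the transport guarantee that makes the container
                // refuse to serve the matched URLs over a non-secure connector.
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
                // NOTE(review): the redirect target comes from the plain-HTTP connector's
                // redirectPort, which this class never sets; confirm it matches
                // custom.tomcat.https.port.
                // A redirect alone still lets the first request travel in clear text;
                // consider also sending a Strict-Transport-Security header.
            }
        };
        tomcat.addAdditionalTomcatConnectors(createSslConnector(properties));
        return tomcat;
    }

    /** Creates a connector and applies the bound HTTPS settings to it. */
    private Connector createSslConnector(TomcatSslConnectorProperties properties) {
        Connector connector = new Connector();
        properties.configureConnector(connector);
        return connector;
    }

    /**
     * Settings for the HTTPS connector, bound from the {@code custom.tomcat.https} prefix.
     *
     * <p>The accessors the original listing elided are written out here; they are
     * assumed to be what the property binder uses to populate the fields.
     */
    @ConfigurationProperties(prefix = "custom.tomcat.https")
    public static class TomcatSslConnectorProperties {

        private Integer port;
        private Boolean ssl = true;
        private Boolean secure = true;
        private String scheme = "https";
        private File keystore;
        // Never log or expose this value.
        private String keystorePassword;

        public Integer getPort() {
            return port;
        }

        public void setPort(Integer port) {
            this.port = port;
        }

        public Boolean getSsl() {
            return ssl;
        }

        public void setSsl(Boolean ssl) {
            this.ssl = ssl;
        }

        public Boolean getSecure() {
            return secure;
        }

        public void setSecure(Boolean secure) {
            this.secure = secure;
        }

        public String getScheme() {
            return scheme;
        }

        public void setScheme(String scheme) {
            this.scheme = scheme;
        }

        public File getKeystore() {
            return keystore;
        }

        public void setKeystore(File keystore) {
            this.keystore = keystore;
        }

        public String getKeystorePassword() {
            return keystorePassword;
        }

        public void setKeystorePassword(String keystorePassword) {
            this.keystorePassword = keystorePassword;
        }

        /**
         * Copies every setting that is present onto the given connector.
         *
         * @param connector the connector to configure
         * @throws IllegalStateException if a keystore path is configured but the file does not exist
         */
        public void configureConnector(Connector connector) {
            if (port != null) {
                connector.setPort(port);
            }
            if (secure != null) {
                connector.setSecure(secure);
            }
            if (scheme != null) {
                connector.setScheme(scheme);
            }
            if (ssl != null) {
                connector.setProperty("SSLEnabled", ssl.toString());
            }
            if (keystore != null) {
                // Fail at startup instead of silently skipping a configured keystore:
                // otherwise the connector would come up with whatever keystore Tomcat
                // falls back to (presumably ~/.keystore; confirm for the Tomcat version),
                // and could serve a certificate nobody intended.
                if (!keystore.exists()) {
                    throw new IllegalStateException(
                            "Configured keystore not found: " + keystore.getAbsolutePath());
                }
                connector.setProperty("keystoreFile", keystore.getAbsolutePath());
                connector.setProperty("keystorePass", keystorePassword);
            }
        }
    }
}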