Enabling HTTPS in a Spring Boot project
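References:
Enabling HTTPS in Spring Boot, https://www.website-solution.net/ssl-certificate/...Enabling HTTPS in Spring Boot
Differences in Tomcat configuration between Spring Boot 2.0.0 and Spring Boot 1.5.2 (pitfalls)
HTTPS series, part 3: making the server support both HTTP and HTTPS, based on Spring Boot
Configuring an SSL certificate in Spring Boot
HTTP and HTTPS in detail, the difference between GET and POST, and status codes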
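SSL Certificate
An SSL certificate is a type of digital certificate, comparable to an electronic copy of a driver's license, passport or business license. Because it is installed on a server, it is also called an SSL server certificate. An SSL certificate conforms to the SSL protocol and is issued by a trusted certificate authority (CA) after the CA has verified the server's identity; it provides server authentication and encryption of data in transit. An SSL certificate gives a website HTTPS encrypted transport and trust. It is the cryptographic technology used to establish an encrypted link between a web server and browsers or other clients. Configuring and deploying an SSL certificate enables the HTTPS protocol and so secures data sent over the Internet; every day, hundreds of millions of websites worldwide rely on HTTPS to keep data secure and protect user privacy.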
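1. Generate a JKS-format certificate, common_name.jks
On the Linux server, run steps 1, 2, 4 and 5 to generate the JKS-format certificate, as shown below. Remember the keystore password set in steps 4 and 5; the default changeit will do.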
##1. generate private key
openssl genrsa -out common_name_private_key.pem
##2. generate CSR using private key
openssl req -new -key common_name_private_key.pem -out common_name.csr
##3. generate certificate.pem using CSR (the result is common_name.pem, used in step 4)
##4. bundle private key and certificate.pem into a PKCS#12 file
openssl pkcs12 -inkey common_name_private_key.pem -in common_name.pem -export -out common_name.p12
##5. generate JKS certificate from the PKCS#12 file
keytool -importkeystore -srckeystore common_name.p12 -srcstoretype pkcs12 -destkeystore common_name.jks -deststoretype JKS
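The same procedure as a non-interactive script, added here as an example (it is not code from the original post): the keystore password is read from an environment variable instead of a prompt, and two checks confirm that the certificate matches the private key and that the JKS holds a private-key entry. The self-signed stand-in for step 3, the KS_PASS variable name, the example.test subject and the script file name are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the original post's code. KS_PASS, example.test and the
# self-signed step 3 are assumptions made so the script runs offline.
set -eu

# Steps 1-2: private key and CSR, as in the post but without prompts.
make_key_and_csr() {   # $1 = base name, $2 = subject CN
    openssl genrsa -out "${1}_private_key.pem" 2048 2>/dev/null
    openssl req -new -key "${1}_private_key.pem" -subj "/CN=$2" -out "$1.csr"
}

# Step 3 stand-in: self-sign the CSR. In production the CA issues $1.pem.
self_sign_for_test() {
    openssl x509 -req -in "$1.csr" -signkey "${1}_private_key.pem" \
        -days 30 -out "$1.pem" 2>/dev/null
}

# Check before step 4: the certificate must carry our key's public half.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1.pem" -noout -pubkey) || return 1
    [ "$cert_pub" = "$(openssl pkey -in "${1}_private_key.pem" -pubout)" ]
}

# Step 4: PKCS#12 bundle; the password is read from $KS_PASS, not typed in.
make_p12() {
    openssl pkcs12 -export -inkey "${1}_private_key.pem" -in "$1.pem" \
        -name "$1" -passout env:KS_PASS -out "$1.p12"
}

# Step 5: PKCS#12 to JKS with keytool, same password source.
make_jks() {
    keytool -importkeystore -noprompt \
        -srckeystore "$1.p12" -srcstoretype pkcs12 -srcstorepass:env KS_PASS \
        -destkeystore "$1.jks" -deststoretype JKS -deststorepass:env KS_PASS
}

# Spring Boot needs a private-key entry under the alias, not a bare certificate.
jks_has_private_key() {
    keytool -list -keystore "$1.jks" -storepass:env KS_PASS -alias "$1" |
        grep -q PrivateKeyEntry
}

# Stand-alone use: KS_PASS=... sh build_keystore.sh common_name example.test
if [ "$#" -eq 2 ]; then
    : "${KS_PASS:?set KS_PASS to the keystore password}"
    make_key_and_csr "$1" "$2"; self_sign_for_test "$1"; cert_matches_key "$1"
    make_p12 "$1"; make_jks "$1"; jks_has_private_key "$1"
fi
```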
2. Put the certificate common_name.jks in the src\main\resources directory
3. Configure HTTPS in application.properties. The password here is the one you set when generating the certificate.
#https
server.port=8443
server.ssl.key-store=classpath:common_name.jks
server.ssl.key-store-password=123456
server.ssl.keyStoreType=JKS
4. Redirect HTTP requests to HTTPS (optional)
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ServletWebServerConfiguration {

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Due to CONFIDENTIAL and /*, this will cause Tomcat to redirect every request to HTTPS.
                // You can configure multiple patterns and multiple constraints if you need more
                // control over what is and is not redirected.
                SecurityConstraint constraint = new SecurityConstraint();
                constraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                constraint.addCollection(collection);
                context.addConstraint(constraint);
            }
        };
        // Register the plain-HTTP connector next to the HTTPS one configured in application.properties.
        tomcat.addAdditionalTomcatConnectors(httpConnector());
        return tomcat;
    }

    @Bean
    public Connector httpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);
        // setSecure(false): requests on this connector are not marked secure, so the
        // CONFIDENTIAL constraint redirects them to HTTPS.
        // With setSecure(true), Tomcat reports them as already secure (request.isSecure()
        // returns true): HTTP stays on HTTP, HTTPS stays on HTTPS, and nothing is redirected.
        connector.setSecure(false);
        // redirectPort: the port number to redirect to (non-SSL to SSL)
        connector.setRedirectPort(8443);
        return connector;
    }
}
5. Start the project; the following log line is printed
o.s.boot.web.embedded.tomcat.TomcatWebServer - Tomcat started on port(s): 8443 (https) 8080 (http) with context path ''