springboot ssl http转Https

参考:https://www.cnblogs.com/imfjj/p/9058443.html   (里面有坑)

 

https://blog.csdn.net/l4642247/article/details/81631770  ( 这可以解决)

 

 

https://blog.csdn.net/mickjoust/article/details/51731860   (建议参考)

 

第一步: 生成证书(官方不认证的,建议购买)

  

keytool -genkeypair -alias tomcat -keyalg RSA -keystore E:\tomcat.key

//其中-alias是证书的别名,RSA是加密算法,-keystore后是输出证书的路径所在

 

第二步:  spring boot 配置ssl使用https

首先，将刚刚获取的证书 放在项目根目录

 

第三步: 主文件配置

yaml:

其次.在application.yml添加

server:
  port: 8443
  tomcat:
    max-threads: 800
    accept-count: 30000
    min-spare-threads: 20
    max-connections: 30000
  servlet-path: /photography
  ssl:
#    证书路径
    key-store: tomcat.key
    key-store-type: JKS
    key-alias: tomcat
#    配置密码，就是在生成证书的时候输入的密码
    key-store-password: 123456

 

或者: application.properties (切记 在新的版本中也不是 management.server.ssl.key-store=)   否则就不是Https

server.ssl.key-store=tomcat.key
server.ssl.key-store-type=JKS
server.ssl.key-alias=tomcat
server.ssl.key-store-password=changeit

 

第四部:配置hppt 自动转https共存

 

  

package com.icil.esolution.config;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * 
 * @ClassName:  HpptsConfiguration   
 * @Description:
 * @Author: Sea
 * @Date: 11 Oct 2018 12:04:44 PM     
 * @Copyright: 2018 ICIL All rights reserved.
 */

//@Configuration
public class HpptsConfiguration {

     @Bean
      public TomcatServletWebServerFactory servletContainer(){
         TomcatServletWebServerFactory tomcat=new TomcatServletWebServerFactory(){
              @Override
              protected void postProcessContext(Context context) {
                  SecurityConstraint securityConstraint=new SecurityConstraint();
                  securityConstraint.setUserConstraint("CONFIDENTIAL");//confidential <!--如果想关闭SSL则将CONFIDENTIAL改为NONE-->
                  SecurityCollection collection=new SecurityCollection();
                  collection.addPattern("/*");
                  securityConstraint.addCollection(collection);
                  context.addConstraint(securityConstraint);
              }
          };
          tomcat.addAdditionalTomcatConnectors(httpConnector());
          return tomcat;
      }
     
      @Bean
      public Connector httpConnector(){
          Connector connector=new Connector("org.apache.coyote.http11.Http11NioProtocol");
          connector.setScheme("https");
          connector.setPort(8080);
          connector.setSecure(false);
          connector.setRedirectPort(8443);
          return connector;
      }
    
      
      
      
      
      
      
     /*** 
      
      
      // 在某配置类中添加如下内容
        // 监听的http请求的端口,需要在application配置中添加http.port=端口号  如80
        @Value("${http.port}")
        Integer httpPort;

        //正常启用的https端口 如443
        @Value("${server.port}")
        Integer httpsPort;

        // springboot2 写法
        @Bean
        public TomcatServletWebServerFactory servletContainer() {
            TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
                @Override
                protected void postProcessContext(Context context) {
                    SecurityConstraint constraint = new SecurityConstraint();
                    constraint.setUserConstraint("CONFIDENTIAL");
                    SecurityCollection collection = new SecurityCollection();
                    collection.addPattern("/*");
                    constraint.addCollection(collection);
                    context.addConstraint(constraint);
                }
            };
            tomcat.addAdditionalTomcatConnectors(httpConnector());
            return tomcat;
        }

        @Bean
        public Connector httpConnector() {
            Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
            connector.setScheme("http");
            //Connector监听的http的端口号
            connector.setPort(httpPort);
            connector.setSecure(false);
            //监听到http的端口号后转向到的https的端口号
            connector.setRedirectPort(httpsPort);
            return connector;
        }


      
    
    
    */
    
    
    
}