Spring Boot工程支持HTTP和HTTPS,HTTP重定向HTTPS
來自: http://my.oschina.net/freegarden/blog/609975
1- 使用HTTPS連接器,需要生成一份Certificate keystore,用于加密和機密瀏覽器的SSL溝通
# windows: keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "d:\\1.keystore" # linux: keytool -genkey -alias tomcat -keyalg RSA # 執行完上述命令后在home目錄下多了一個新的.keystore文件
2- 新增屬性文件 tomcat.https.properties
類比
<!-- Define an SSL HTTP/1.1 Connector on port 443 --> <Connector className="org.apache.catalina.connector.http.HttpConnector" port="443" minProcessors="5" maxProcessors="75" keystoreFile="path.to.keystore" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true"> <Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="false" protocol="TLS" keystorePass="keystore.password"/> </Connector>
custom.tomcat.https.port=443 custom.tomcat.https.secure=true custom.tomcat.https.scheme=https custom.tomcat.https.ssl=true custom.tomcat.https.keystore=d:\\1.keystore custom.tomcat.https.keystore-password=xinli2016
3- 新增配置 JAVA代碼
package cn.com.xinli.conf;
import java.io.File;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
@PropertySource("classpath:/tomcat.https.properties")
@EnableConfigurationProperties(WebConfiguration.TomcatSslConnectorProperties.class)
public class WebConfiguration extends WebMvcConfigurerAdapter {
@Bean
public EmbeddedServletContainerFactory servletContainer(TomcatSslConnectorProperties properties) {
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
// SecurityConstraint必須存在,可以通過其為不同的URL設置不同的重定向策略。
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(createSslConnector(properties));
return tomcat;
}
private Connector createSslConnector(TomcatSslConnectorProperties properties) {
Connector connector = new Connector();
properties.configureConnector(connector);
return connector;
}
@ConfigurationProperties(prefix = "custom.tomcat.https")
public static class TomcatSslConnectorProperties {
private Integer port;
private Boolean ssl = true;
private Boolean secure = true;
private String scheme = "https";
private File keystore;
private String keystorePassword;
// 省略 get set
public void configureConnector(Connector connector) {
if (port != null) {
connector.setPort(port);
}
if (secure != null) {
connector.setSecure(secure);
}
if (scheme != null) {
connector.setScheme(scheme);
}
if (ssl != null) {
connector.setProperty("SSLEnabled", ssl.toString());
}
if (keystore != null && keystore.exists()) {
connector.setProperty("keystoreFile", keystore.getAbsolutePath());
connector.setProperty("keystorePass", keystorePassword);
}
}
}
}
本文由用戶 rc0547 自行上傳分享,僅供網友學習交流。所有權歸原作者,若您的權利被侵害,請聯系管理員。
轉載本站原創文章,請注明出處,并保留原始鏈接、圖片水印。
本站是一個以用戶分享為主的開源技術平臺,歡迎各類分享!