diff --git a/src/main/java/frodez/config/security/settings/SecurityProperties.java b/src/main/java/frodez/config/security/settings/SecurityProperties.java
index 0b4be77..fbe0155 100644
--- a/src/main/java/frodez/config/security/settings/SecurityProperties.java
+++ b/src/main/java/frodez/config/security/settings/SecurityProperties.java
@@ -18,6 +18,8 @@
 @ConfigurationProperties(prefix = "security")
 public class SecurityProperties {
+ private Integer httpsPort = 8443;
+
 /**
 * 跨域参数
 */
diff --git a/src/main/java/frodez/config/security/settings/UndertowConfig.java b/src/main/java/frodez/config/security/settings/UndertowConfig.java
new file mode 100644
index 0000000..4141cd2
--- /dev/null
+++ b/src/main/java/frodez/config/security/settings/UndertowConfig.java
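Review bot: The new `httpsPort` field has no Javadoc, while the neighbouring `跨域参数` field in the same hunk documents its purpose; add `/** Port of the HTTPS listener that plain-HTTP requests are redirected to (bound from security.https-port). */` above it. Because the field always carries the default 8443 and is consumed as a plain port number by `setConfidentialPortManager` in UndertowConfig, a primitive `int` would avoid the unboxing and a null if a setter ever passes one; the `getHttpsPort()` accessor used there is not in this hunk, so it is presumably generated elsewhere. The enclosing class continues outside the hunk.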
@@ -0,0 +1,53 @@
+package frodez.config.security.settings;
+
+import io.undertow.UndertowOptions;
+import io.undertow.servlet.api.SecurityConstraint;
+import io.undertow.servlet.api.SecurityInfo;
+import io.undertow.servlet.api.TransportGuaranteeType;
+import io.undertow.servlet.api.WebResourceCollection;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.web.ServerProperties;
+import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
+import org.springframework.boot.web.server.WebServerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Undertow配置
+ * @author Frodez
+ * @date 2019-05-10
+ */
+@Configuration
+public class UndertowConfig {
+
+ @Autowired
+ private SecurityProperties securityProperties;
+
+ @Autowired
+ private ServerProperties serverProperties;
+
+ /**
+ * 配置HTTPS和HTTP2
+ * @author Frodez
+ * @date 2019-05-10
+ */
+ @Bean
+ public WebServerFactory serverFactory() {
+ UndertowServletWebServerFactory factory = new UndertowServletWebServerFactory();
+ factory.addBuilderCustomizers(builder -> builder.addHttpListener(serverProperties.getPort(), "0.0.0.0"));
+ //开启HTTP2
+ factory.addBuilderCustomizers(builder -> {
+ builder.setServerOption(UndertowOptions.ENABLE_HTTP2, serverProperties.getHttp2().isEnabled())
+ .setServerOption(UndertowOptions.HTTP2_SETTINGS_ENABLE_PUSH, serverProperties.getHttp2().isEnabled());
+ });
+ //开启HTTP自动跳转至HTTPS
+ factory.addDeploymentInfoCustomizers(deploymentInfo -> {
+ deploymentInfo.addSecurityConstraint(new SecurityConstraint().addWebResourceCollection(
+ new WebResourceCollection().addUrlPattern("/*")).setTransportGuaranteeType(
+ TransportGuaranteeType.CONFIDENTIAL).setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
+ .setConfidentialPortManager(exchange -> securityProperties.getHttpsPort());
+ });
+ return factory;
+ }
+
+}
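Review bot: The plain-HTTP listener is added on `serverProperties.getPort()`, which is the port Spring Boot normally binds its own HTTPS listener to once `server.ssl` is configured, as application-dev.yml in this commit does with port 9090; the two listeners would then compete for one port, and nothing appears to listen on the `securityProperties.getHttpsPort()` (8443) that the CONFIDENTIAL constraint redirects to. Either set `server.port` to the HTTPS port and introduce a separate property for the plain listener, or make the port manager return `serverProperties.getPort()` and bind the HTTP listener on the other port. The listener also hard-codes `"0.0.0.0"` instead of honouring `server.address`, so the unencrypted endpoint opens on every interface even where the HTTPS side is restricted. Setting `UndertowOptions.ENABLE_HTTP2` by hand likely duplicates what Boot already does for `server.http2.enabled`; if it stays, a one-line comment saying why is warranted.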
diff --git a/src/main/java/frodez/config/security/settings/WebSecurityConfig.java b/src/main/java/frodez/config/security/settings/WebSecurityConfig.java
index 5bf2f33..c721fec 100644
--- a/src/main/java/frodez/config/security/settings/WebSecurityConfig.java
+++ b/src/main/java/frodez/config/security/settings/WebSecurityConfig.java
@@ -76,6 +76,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 List permitAllPathList = properties.getAuth().getPermitAllPath();
+ //开启https
+ http.requiresChannel().anyRequest().requiresSecure();
 http.cors().and().csrf().disable().exceptionHandling()
 // 无权限时导向noAuthPoint
 .authenticationEntryPoint(authentication).and().exceptionHandling().accessDeniedHandler(accessDenied).and()
diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml
index e9668ab..b8cb6ce 100644
--- a/src/main/resources/application-dev.yml
+++ b/src/main/resources/application-dev.yml
@@ -1,4 +1,8 @@
 server:
+ ssl: key-store: classpath:others/frodez.p12
+ key-store-password: 123456
+ key-store-type: PKCS12
+ key-alias: frodez
 error:
 path: /error
 port: 9090 #请注意服务器上是否配备了防火墙策略,该端口是否开放
diff --git a/src/main/resources/others/frodez.p12 b/src/main/resources/others/frodez.p12
new file mode 100644
index 0000000..21d7d6f
Binary files /dev/null and b/src/main/resources/others/frodez.p12 differ
diff --git a/src/main/resources/settings/dev/security.properties b/src/main/resources/settings/dev/security.properties
index 148c636..d9ac696 100644
--- a/src/main/resources/settings/dev/security.properties
+++ b/src/main/resources/settings/dev/security.properties
@@ -1,3 +1,5 @@
+security.https-port=8443
+
 security.auth.denied-role=USER_NO_PERMISSION
 security.auth.permit-all-path=/**,/login/auth,/login/register,/login/refresh,/swagger-resources/**,/swagger-ui.html**,/webjars/**,/v2/api-docs
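Review bot: `http.requiresChannel().anyRequest().requiresSecure()` duplicates the container-level CONFIDENTIAL constraint that UndertowConfig adds in this same commit, and on its own it would not produce a working redirect: Spring Security's default PortMapper only knows 80→443 and 8080→8443, so a request arriving on the 9090 configured in application-dev.yml has no mapped HTTPS port. If the Spring-level rule is kept, register the mapping next to it, e.g. `http.portMapper().http(serverPort).mapsTo(properties.getHttpsPort());` with `serverPort` taken from ServerProperties (assuming `properties` is the SecurityProperties bean), and keep only one of the two redirect mechanisms. The `//开启https` comment could say which layer is authoritative. The body of `configure` continues outside the hunk.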
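Review bot: `key-store-password: 123456` commits the keystore passphrase to source control next to the keystore itself (`frodez.p12`, added in this commit), so anyone with repository read access, or with the built jar, holds the private key; replace the literal with a placeholder resolved from the environment, e.g. `key-store-password: ${SERVER_SSL_KEY_STORE_PASSWORD}`, and keep the .p12 out of the repository and the classpath. The `ssl:` and `key-store:` keys appear on one added line in the hunk and the header counts four additions for five settings; if the file really contains `ssl: key-store: classpath:others/frodez.p12` on a single line it is not the nested mapping Spring expects, so that is worth confirming in the actual file.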
diff --git a/src/main/resources/settings/prod/security.properties b/src/main/resources/settings/prod/security.properties
index 2c043c8..3dd5483 100644
--- a/src/main/resources/settings/prod/security.properties
+++ b/src/main/resources/settings/prod/security.properties
@@ -1,3 +1,5 @@
+security.https-port=8443
+
 security.auth.denied-role=USER_NO_PERMISSION
 security.auth.permit-all-path=/**,/login/auth,/login/register,/login/refresh
diff --git a/src/main/resources/settings/release/security.properties b/src/main/resources/settings/release/security.properties
index 2c043c8..3dd5483 100644
--- a/src/main/resources/settings/release/security.properties
+++ b/src/main/resources/settings/release/security.properties
@@ -1,3 +1,5 @@
+security.https-port=8443
+
 security.auth.denied-role=USER_NO_PERMISSION
 security.auth.permit-all-path=/**,/login/auth,/login/register,/login/refresh
diff --git a/src/main/resources/settings/test/security.properties b/src/main/resources/settings/test/security.properties
index 148c636..d9ac696 100644
--- a/src/main/resources/settings/test/security.properties
+++ b/src/main/resources/settings/test/security.properties
@@ -1,3 +1,5 @@
+security.https-port=8443
+
 security.auth.denied-role=USER_NO_PERMISSION
 security.auth.permit-all-path=/**,/login/auth,/login/register,/login/refresh,/swagger-resources/**,/swagger-ui.html**,/webjars/**,/v2/api-docs