From bc0fc7f5f4ae90d7590490fb3a224c5673ea9efb Mon Sep 17 00:00:00 2001
From: Frodez <463082995@qq.com>
Date: Fri, 10 May 2019 23:42:57 +0800
Subject: [PATCH] =?UTF-8?q?=E5=BC=80=E5=90=AFhttps=E5=92=8Chttp2=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../security/settings/SecurityProperties.java | 2 +
 .../security/settings/UndertowConfig.java | 53 ++++++++++++++++++
 .../security/settings/WebSecurityConfig.java | 2 +
 src/main/resources/application-dev.yml | 4 ++
 src/main/resources/others/frodez.p12 | Bin 0 -> 1727 bytes
 .../settings/dev/security.properties | 2 +
 .../settings/prod/security.properties | 2 +
 .../settings/release/security.properties | 2 +
 .../settings/test/security.properties | 2 +
 9 files changed, 69 insertions(+)
 create mode 100644 src/main/java/frodez/config/security/settings/UndertowConfig.java
 create mode 100644 src/main/resources/others/frodez.p12
diff --git a/src/main/java/frodez/config/security/settings/SecurityProperties.java b/src/main/java/frodez/config/security/settings/SecurityProperties.java
index 0b4be77..fbe0155 100644
--- a/src/main/java/frodez/config/security/settings/SecurityProperties.java
+++ b/src/main/java/frodez/config/security/settings/SecurityProperties.java
@@ -18,6 +18,8 @@
 @ConfigurationProperties(prefix = "security")
 public class SecurityProperties {
+ private Integer httpsPort = 8443;
+
 /**
 * 跨域参数
 */
diff --git a/src/main/java/frodez/config/security/settings/UndertowConfig.java b/src/main/java/frodez/config/security/settings/UndertowConfig.java
new file mode 100644
index 0000000..4141cd2
--- /dev/null
+++ b/src/main/java/frodez/config/security/settings/UndertowConfig.java
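Review bot: The new field at `+ private Integer httpsPort = 8443;` is the only field in this hunk without a Javadoc line, while its neighbour is documented (`跨域参数`), and what this value has to agree with is not obvious from the name. I would add `/** Port that plain-HTTP requests are redirected to by the container's CONFIDENTIAL constraint; must equal the port the TLS listener is actually bound to. */` above it. Because UndertowConfig unboxes this value through `getHttpsPort()` inside a per-request lambda, an empty or invalid setting would surface as a NullPointerException at request time rather than at startup; a primitive `int httpsPort = 8443`, or a `@Min(1) @Max(65535)` on a validated properties class, fails fast instead. No getter is visible in this hunk, so I assume one is generated elsewhere on the class, whose body continues outside the hunk.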
@@ -0,0 +1,53 @@
+package frodez.config.security.settings;
+
+import io.undertow.UndertowOptions;
+import io.undertow.servlet.api.SecurityConstraint;
+import io.undertow.servlet.api.SecurityInfo;
+import io.undertow.servlet.api.TransportGuaranteeType;
+import io.undertow.servlet.api.WebResourceCollection;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.web.ServerProperties;
+import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
+import org.springframework.boot.web.server.WebServerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Undertow配置
+ * @author Frodez
+ * @date 2019-05-10
+ */
+@Configuration
+public class UndertowConfig {
+
+ @Autowired
+ private SecurityProperties securityProperties;
+
+ @Autowired
+ private ServerProperties serverProperties;
+
+ /**
+ * 配置HTTPS和HTTP2
+ * @author Frodez
+ * @date 2019-05-10
+ */
+ @Bean
+ public WebServerFactory serverFactory() {
+ UndertowServletWebServerFactory factory = new UndertowServletWebServerFactory();
+ factory.addBuilderCustomizers(builder -> builder.addHttpListener(serverProperties.getPort(), "0.0.0.0"));
+ //开启HTTP2
+ factory.addBuilderCustomizers(builder -> {
+ builder.setServerOption(UndertowOptions.ENABLE_HTTP2, serverProperties.getHttp2().isEnabled())
+ .setServerOption(UndertowOptions.HTTP2_SETTINGS_ENABLE_PUSH, serverProperties.getHttp2().isEnabled());
+ });
+ //开启HTTP自动跳转至HTTPS
+ factory.addDeploymentInfoCustomizers(deploymentInfo -> {
+ deploymentInfo.addSecurityConstraint(new SecurityConstraint().addWebResourceCollection(
+ new WebResourceCollection().addUrlPattern("/*")).setTransportGuaranteeType(
+ TransportGuaranteeType.CONFIDENTIAL).setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
+ .setConfidentialPortManager(exchange -> securityProperties.getHttpsPort());
+ });
+ return factory;
+ }
+
+}
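Review bot: The plain listener opened at `builder.addHttpListener(serverProperties.getPort(), "0.0.0.0")` reuses `server.port`, which is also the port Spring Boot's Undertow factory binds its TLS listener to once `server.ssl.*` is configured (as this patch does for dev), so unless I misread the factory the two listeners contend for 9090 and nothing at all listens on the 8443 that `setConfidentialPortManager(exchange -> securityProperties.getHttpsPort())` redirects to — please verify by starting the dev profile. I would keep `server.port` for TLS, give the plain listener its own configured port, and return the real TLS port from the confidential-port manager, `.setConfidentialPortManager(exchange -> serverProperties.getPort())`, so the redirect target cannot drift from the listener that actually exists. Hard-coding "0.0.0.0" also bypasses `server.address`; take the bind address from `serverProperties.getAddress()` and fall back to all interfaces only when it is null. The CONFIDENTIAL constraint on `/*` is a 302, so the first request (and any bearer token in it) still travels in clear text; the comment `//开启HTTP自动跳转至HTTPS` should say so, and HSTS — which Spring Security emits by default on secure responses unless disabled in WebSecurityConfig — is what stops browsers from repeating that hop.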
diff --git a/src/main/java/frodez/config/security/settings/WebSecurityConfig.java b/src/main/java/frodez/config/security/settings/WebSecurityConfig.java
index 5bf2f33..c721fec 100644
--- a/src/main/java/frodez/config/security/settings/WebSecurityConfig.java
+++ b/src/main/java/frodez/config/security/settings/WebSecurityConfig.java
@@ -76,6 +76,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 List permitAllPathList = properties.getAuth().getPermitAllPath();
+ //开启https
+ http.requiresChannel().anyRequest().requiresSecure();
 http.cors().and().csrf().disable().exceptionHandling()
 // 无权限时导向noAuthPoint
 .authenticationEntryPoint(authentication).and().exceptionHandling().accessDeniedHandler(accessDenied).and()
diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml
index e9668ab..b8cb6ce 100644
--- a/src/main/resources/application-dev.yml
+++ b/src/main/resources/application-dev.yml
@@ -1,4 +1,8 @@
 server:
+ ssl: key-store: classpath:others/frodez.p12
+ key-store-password: 123456
+ key-store-type: PKCS12
+ key-alias: frodez
 error:
 path: /error
 port: 9090 #请注意服务器上是否配备了防火墙策略,该端口是否开放
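Review bot: `http.requiresChannel().anyRequest().requiresSecure()` relies on Spring Security's PortMapper to build the https URL, and the default mapping only knows 80→443 and 8080→8443; on the dev `server.port` of 9090 the port is unmapped and, as I read `AbstractRetryEntryPoint`, the entry point then redirects to the same URL, i.e. an http→http loop, should a plain request ever reach the filter chain. Register the mapping next to this line, `http.portMapper().http(httpPort).mapsTo(properties.getHttpsPort());` with `httpPort` taken from the plain listener's configuration, so the target is explicit and the same value the Undertow constraint uses. The Undertow CONFIDENTIAL constraint added in this commit already redirects at the container level for `/*`, so this line is a second, independent enforcement — fine as defence in depth, but `//开启https` should say that, and the two must agree on the target port. The enclosing `configure` method continues beyond the hunk.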
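Review bot: `key-store-password: 123456` puts the keystore password in tracked source, next to a keystore (`frodez.p12`) that this same patch commits, so the dev TLS private key is recoverable by anyone with repository access for as long as the history exists. Even for a self-signed development certificate, load the password from the environment or an external config file, `key-store-password: ${SERVER_SSL_KEY_STORE_PASSWORD}`, keep the keystore itself out of the repository, and regenerate this key if it was ever used anywhere but a developer's machine. The hunk as shown is collapsed, so I cannot tell whether `ssl:` and `key-store:` sit on one line or whether `key-store` is correctly nested under `ssl`; a `server.key-store` key at the wrong level is silently ignored, so please double-check the indentation. `server.ssl.*` is only added for the dev profile here, while the redirect-to-https enforcement in UndertowConfig and WebSecurityConfig applies to every profile.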
diff --git a/src/main/resources/others/frodez.p12 b/src/main/resources/others/frodez.p12 new file mode 100644 index 0000000000000000000000000000000000000000..21d7d6fbe30cc930e48ecc132d59e8356a0e5543 GIT binary patch literal 1727 zcmY+Dc{JOJ7say>4Y3TNg3)xL2o>8{N(ix4wNwbT%n(79NbNxj`^M6%$#}Wyz|bv_q_Yp{a^uD2Lueo0gd`YJ20)sz0Hgt{4U_y^ z-V0Y1Lk8J}MA#GNE5M1RY(HTEKQGQ#9RdaQxQPLf?_WNApB*rzsy#&Vkvq%2&SkGn z9Fc|mEZ@JNXEBQQw1iZ&ZKF7OE_Gcs{`vLgQ@2$0`LXFQ>|ITpz~SnND&`&CXWU;5 z$j97(k0yLnCSqU4qJgy9iicaNiLL4+mu(L`uTW`s)+ z{g0BN7G>&7uMtfuYTx1Bv&oKEW&7|NL!r8nl_3TTb6tw1J)=rl#Lv{U;bc*W<^4=w z)cp{RE8>g|WUo{GkSR?`XyHxNH6HC~*NUgKH_|%Ek$!z~v4qd*8?%)o(UZ9zH3Us~X(;z(0AZnIm-U;vA{$6VGx-{R79rqzks`QuE0(H5!ya##K)U;3N`$r1Vss34^1~ypL ze<}_~8px<4Kp~)LP!uQ_L;)pX|Ls3q(EuqXPdpb%K^vHun3`bs#@NuvaE}Dze-b2M zWdKy;FK!@U(B4t`*8%^B4A@^};3bV$YyC8-jJPM$$a98*EsLG#|B>-M01=?<$NVr8 zJ6!vi>`X{#pUGPzM8FToxr-(_p?vZ}N|APOZc#(P;?Xhg^NFXGs$tTlGv+n%*B!Uu zQrg!Y%um*@kwmaybnE8^;>ekxr2)?bniz4u5*!fUUW5U+pmes0RDR>e$_C&#(~_4v;s6iTq$mvOwAqxCqpyHeNF#ri>DR1FS6ubdeY^Ul#dMm{>gI&Jn8Gy4A(fv#B2{z#dIWu}e&xSdc8-?QcN||1oYg&kN^mU&_ z^>4gA)`QopOA3+8QL^aSTBUcx^g#Dl+&JsP(EJrmnHh&vfv_=+we5K#6Q}E*MC9z3 zJHdMs#c))URdYNo!A77%TVc0p(R4TF7lW_DbGFMZ4_)@4h9M$)BXr0E#whECB&Ccq z-(EPK>U3*(3M!Ww^%-=Q!|oPN1eos&7@wk2&c16dgl-wUbJJVs~nR@d-xVxR8ad1=5oc#>&T z7~)Z1CGsD&e$XmoUkogKwans+(vRK!7INEu4@;g!Xap)SLk;u^cmV-#G(fEbeJns6V~V#Z=dp{HH+Jf20Q MZT<>@f-}ng1V}Cp^Z)<= literal 0 HcmV?d00001 diff --git a/src/main/resources/settings/dev/security.properties b/src/main/resources/settings/dev/security.properties index 148c636..d9ac696 100644 --- a/src/main/resources/settings/dev/security.properties +++ b/src/main/resources/settings/dev/security.properties @@ -1,3 +1,5 @@ +security.https-port=8443 + security.auth.denied-role=USER_NO_PERMISSION security.auth.permit-all-path=/**,/login/auth,/login/register,/login/refresh,/swagger-resources/**,/swagger-ui.html**,/webjars/**,/v2/api-docs 
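Review bot: `src/main/resources/others/frodez.p12` is a PKCS12 keystore, i.e. a private key, and this commit places it both in the repository history and, via `src/main/resources`, inside the packaged jar on the classpath. Private keys do not belong in version control even for development: keep the file out of the repository, supply it at runtime through a `file:` path or mounted secret, and treat this key as disclosed — regenerate it rather than reuse it anywhere that matters. The dev `security.https-port=8443` added on the same line sits beside a dev `server.port` of 9090 with `server.ssl` configured, which as far as this patch shows means the TLS listener is on 9090 and nothing listens on 8443; the property and the listener must agree or be derived from a single source.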
diff --git a/src/main/resources/settings/prod/security.properties b/src/main/resources/settings/prod/security.properties
index 2c043c8..3dd5483 100644
--- a/src/main/resources/settings/prod/security.properties
+++ b/src/main/resources/settings/prod/security.properties
@@ -1,3 +1,5 @@
+security.https-port=8443
+
 security.auth.denied-role=USER_NO_PERMISSION
 security.auth.permit-all-path=/**,/login/auth,/login/register,/login/refresh
diff --git a/src/main/resources/settings/release/security.properties b/src/main/resources/settings/release/security.properties
index 2c043c8..3dd5483 100644
--- a/src/main/resources/settings/release/security.properties
+++ b/src/main/resources/settings/release/security.properties
@@ -1,3 +1,5 @@
+security.https-port=8443
+
 security.auth.denied-role=USER_NO_PERMISSION
 security.auth.permit-all-path=/**,/login/auth,/login/register,/login/refresh
diff --git a/src/main/resources/settings/test/security.properties b/src/main/resources/settings/test/security.properties
index 148c636..d9ac696 100644
--- a/src/main/resources/settings/test/security.properties
+++ b/src/main/resources/settings/test/security.properties
@@ -1,3 +1,5 @@
+security.https-port=8443
+
 security.auth.denied-role=USER_NO_PERMISSION
 security.auth.permit-all-path=/**,/login/auth,/login/register,/login/refresh,/swagger-resources/**,/swagger-ui.html**,/webjars/**,/v2/api-docs
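Review bot: `security.https-port=8443` is added to the prod and release properties, but `server.ssl.*` is only configured for the dev profile in this patch, while the HTTPS redirect (the Undertow CONFIDENTIAL constraint and `requiresSecure()`) is unconditional. Unless a prod or release yml outside this patch configures `server.ssl`, a production deployment will redirect every request to port 8443 where nothing listens, so the API becomes unreachable rather than merely unencrypted. Either ship `server.ssl` for those profiles with the keystore supplied from outside the jar (a `file:` path and a password from the environment), or make the redirect conditional on TLS actually being configured, and add `# must equal the port the TLS listener is bound to` next to the property so the coupling is visible where the value is set.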