Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Spring Boot开启https #1

Open
x113773 opened this issue Jun 16, 2017 · 4 comments
Open

Spring Boot开启https #1

x113773 opened this issue Jun 16, 2017 · 4 comments
Labels
doc

Comments

@x113773
Copy link
Owner

x113773 commented Jun 16, 2017
edited
Loading

  1. 第一步就是用JDK的keytool工具来创建一个密钥存储(keystore)
    keytool -keystore mykeys.jks -genkey -alias tomcat -keyalg RSA
    记住输入的Enter keystore password(该项目为letmein),剩下的一路回车,直到:
    Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
    输入yes

  2. 把证书添加到项目中
    src/main/resources/mykeys.jks

  3. 修改配置文件application.properties,加入如下配置

server.port= 8443
server.ssl.key-store= classpath:mykeys.jks
server.ssl.key-store-password= letmein
server.ssl.key-password= letmein
  1. 配置用户访问http自动跳转到https
    HttpsConfiguration.java
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class HttpsConfiguration {

	 @Bean
	    public EmbeddedServletContainerFactory servletContainer() {
	        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory(){
	            protected void postProcessContext(Context context) {
	                SecurityConstraint securityConstraint = new SecurityConstraint();
	                securityConstraint.setUserConstraint("CONFIDENTIAL");
	                SecurityCollection collection = new SecurityCollection();
	                collection.addPattern("/*");
	                securityConstraint.addCollection(collection);
	                context.addConstraint(securityConstraint);
	            }
	        };
	        tomcat.addAdditionalTomcatConnectors(httpConnector());
	        return tomcat;
	    }

	    @Bean
	    public Connector httpConnector(){
	        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
	        connector.setScheme("http");
	        connector.setPort(8080);//表示用8080端口来供http访问
	        connector.setSecure(false);
	        connector.setRedirectPort(8443);//自动重定向到8443端口
	        return connector;
	    }
}
@x113773
Copy link
Owner Author

x113773 commented Jun 16, 2017

qq 20170616150340

@x113773 x113773 changed the title Spring boot开启https Spring Boot开启https Jun 19, 2017
@x113773 x113773 added the doc label Jun 29, 2017
@AabbyAngel
Copy link

楼主,没看懂如何生成的mykeys.jks;
我是window10系统,我s双击打开keytool.exe的时候,dos窗口一闪而过,我通过cmd命令输入
keytool -keystore mykeys.jks -genkey -alias tomcat -keyalg RSA
提示我输入密钥库口令,我输入了,这个是自己输入的一个吗?
输入这个,又提示我你的名字、国家、组织、城市。。。。。
最后不知道怎么搞了。

@x113773
Copy link
Owner Author

x113773 commented Sep 7, 2017

@AabbyAngel 密钥库随便输,记住就可以,第3步要用(server.ssl.key-store-password=密钥库),剩下的一路回车即可,最后让你确认输入的信息是否正确,输入“是”或者yes。(和我第一步的区别就是你这是中文的,我那个是英文的)

@AabbyAngel
Copy link

@x113773 好的,我在试试,谢谢楼主,想以后跟你一起学。

@x113773 x113773 added doc and removed doc labels Sep 28, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
doc
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AabbyAngel @x113773