SpringBoot: configuring HTTPS and automatically redirecting HTTP access to HTTPS

nginx is recommended for configuring HTTPS. No further replies will be given to any questions raised in this article.

Here's why I wrote this article: I'm also a beginner in SpringBoot, and I ran into some pitfalls when configuring HTTPS. Following the configuration methods I found on the Internet, I discovered that some classes are obsolete. This is just a record of my configuration process, for reference.

1. Create a certificate using the JDK's own keytool

Open the cmd window and enter the following command

keytool -genkey -alias tomcat -keyalg RSA -keystore ./server.keystore 

Follow the prompts

Enter keystore password: 123456
Enter the new password again: 123456
What is your first and last name?
  [Unknown]:  kaibowang
What is the name of your organization?
  [Unknown]:  yuxuelian
What is your organization name?
  [Unknown]:  yuxuelian
What is the name of your city or region?
  [Unknown]:  chengdu
What is the name of your province/municipality?
  [Unknown]:  chengdushi
What is the double-letter country/region code for this unit?
  [Unknown]:  china
Is CN=kaibowang, OU=yuxuelian, O=yuxuelian, L=chengdu, ST=chengdushi, C=china correct?
  [No]: y

Enter the key password for <tomcat>
        (Press Enter if the password is the same as the keystore password):
Enter the new password again:

Warning:
The JKS keystore uses a proprietary format. It is recommended that you migrate to industry standard format PKCS12 using "keytool -importkeystore -srckeystore C:\Users\Administrator\keystore -destkeystore C:\Users\Administrator\keystore -deststoretype pkcs12".

Once created, the generated keystore file can be viewed in the user root directory

2. Create a new SpringBoot project, copy the keystore file generated in the previous step to the root directory of the project, and add the following configuration to application.properties

server.port=443
server.ssl.key-store=server.keystore
server.ssl.key-alias=tomcat
server.ssl.enabled=true
server.ssl.key-store-password=123456
server.ssl.key-store-type=JKS

Explanation

The server port is set to 443, the default port for HTTPS, so the site can be reached over HTTPS without specifying a port number. If the port is already in use, run

netstat -ano

to see the ID of the process that is occupying the port, then look that process up with

tasklist|findstr (Process Number Viewed)
# example
C:\Users\Administrator>tasklist|findstr 3664
vmware-hostd.exe              3664 Services                   0      5,040 K

Open the Task Manager and kill the occupying process, or open the settings of the corresponding application and turn off its listener.
HTTPS access is now configured. Visit https://localhost to check whether the configuration was successful.
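
A hardened variant of the step 2 configuration, added here as an example and not part of the original article. It follows the keytool warning above by switching to PKCS12, and it keeps the keystore password out of the file. The file name server.p12 and the environment variable name KEYSTORE_PASSWORD are assumptions.

```properties
# Before (from step 2): JKS keystore, literal password stored in the file
#   server.ssl.key-store=server.keystore
#   server.ssl.key-store-password=123456
#   server.ssl.key-store-type=JKS
#
# Convert the keystore once, as the keytool warning suggests
# (server.p12 is an assumed output file name):
#   keytool -importkeystore -srckeystore server.keystore -destkeystore server.p12 -deststoretype pkcs12

server.port=443
server.ssl.enabled=true
server.ssl.key-alias=tomcat

# PKCS12 is the industry-standard format named in the keytool warning
server.ssl.key-store=server.p12
server.ssl.key-store-type=PKCS12

# Resolved from the environment at startup, so the password is not committed
# with the project (KEYSTORE_PASSWORD is an assumed variable name)
server.ssl.key-store-password=${KEYSTORE_PASSWORD}

# Refuse protocol versions older than TLS 1.2
# (TLSv1.3 is only negotiated on a JVM that supports it)
server.ssl.enabled-protocols=TLSv1.2,TLSv1.3
```

Set the environment variable in the shell or service definition that starts the application; if it is missing, startup fails because the placeholder cannot be resolved.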

3. Automatically redirect HTTP access to HTTPS

Register two beans in the Spring container with the following code

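    import org.apache.catalina.Context;
    import org.apache.catalina.connector.Connector;
    import org.apache.tomcat.util.descriptor.web.SecurityCollection;
    import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
    import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    // The class name is arbitrary; any @Configuration class can hold these beans.
    @Configuration
    public class HttpsRedirectConfig {

        // Plain-HTTP connector on port 80 that redirects confidential requests to port 443.
        @Bean
        public Connector connector() {
            Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
            connector.setScheme("http");
            connector.setPort(80);
            connector.setSecure(false);
            connector.setRedirectPort(443);
            return connector;
        }

        // Adds the HTTP connector to the embedded Tomcat and marks every URL as
        // CONFIDENTIAL, so Tomcat redirects any non-TLS request to the redirect port.
        @Bean
        public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) {
            TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
                @Override
                protected void postProcessContext(Context context) {
                    SecurityConstraint securityConstraint = new SecurityConstraint();
                    securityConstraint.setUserConstraint("CONFIDENTIAL");
                    SecurityCollection collection = new SecurityCollection();
                    collection.addPattern("/*");
                    securityConstraint.addCollection(collection);
                    context.addConstraint(securityConstraint);
                }
            };
            tomcat.addAdditionalTomcatConnectors(connector);
            return tomcat;
        }
    }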

First, you need to use the TomcatServletWebServerFactory class here; the examples on the web all use the EmbeddedServletContainerFactory class.
In the new version of SpringBoot, I found that I couldn't find that class anymore. After several detours, I looked through the source code and found this class. That's why I wrote this article.
Next, the HTTP listening port is set to 80, the default port for HTTP, so that the site can be accessed without a port number.
After completing the above configuration, visiting http://localhost automatically redirects to https://localhost

Reference article: SpringBoot Series (5) - SpringBoot-Web and SpringBoot Foundation



Author: Royal Snow Love
Link: https://www.jianshu.com/p/8d4aba3b972d
Source: Jianshu
Copyright belongs to the author. For commercial reprinting, please contact the author for authorization. For non-commercial reprinting, please indicate the source.

Posted on Sun, 10 Nov 2019 20:07:59 -0500 by depojones