HTTPS in a Spring Project

Source: Internet. Editor: 程序博客网. Time: 2024/06/04 00:16

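Introduction

SSL (Secure Sockets Layer) is a security protocol that provides security and data integrity for network communication; it encrypts network connections at the transport layer. The SSL protocol can be divided into two layers. The SSL Record Protocol is built on top of TCP and provides data encapsulation, compression and encryption for higher-level protocols. The SSL Handshake Protocol is built on top of the SSL Record Protocol and is used, before any actual data is transferred, for the two parties to authenticate each other, negotiate the encryption algorithm and exchange encryption keys.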

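Procedure

Generating the certificate

Among the tools that ship with the JDK, keytool is a certificate management tool that can be used to generate a self-signed certificate.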

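    # Generate a key pair under the alias "tomcat" in the default keystore (~/.keystore)
    keytool -genkey -alias tomcat
    # Generate an RSA key pair under the alias "tomcat" in test.keystore
    keytool -genkey -alias tomcat -keyalg "RSA" -keystore "test.keystore"
    # List the entries in test.keystore
    keytool -list -keystore test.keystore
    # Delete the entry with the alias "tomcat"
    keytool -delete -alias tomcat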

When the command finishes, a .keystore file is generated in the current user's home directory; copy that file into the resources directory.

Spring Boot configuration

    server.ssl.key-store = .keystore
    server.ssl.key-store-password = 123456
    server.ssl.keyStoreType = JKS
    server.ssl.keyAlias
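The keystore file, password and alias named in this configuration can be checked against what keytool actually produced before the application is started. The following is an added example, not code from the original article; the class name KeystoreCheck and its command-line arguments are assumptions. It also reports whether the certificate is self-signed, which browsers do not trust by default.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;

// Added example (hypothetical class name). Run from a terminal:
//   java KeystoreCheck <keystore-file> <alias>
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (from a terminal): java KeystoreCheck <keystore> <alias>");
            System.exit(2);
        }
        String alias = args[1];
        // Prompt for the password so it does not end up in shell history.
        char[] password = console.readPassword("keystore password: ");

        // A wrong password or a damaged file fails here with an IOException.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }

        // The alias must name a private-key entry, not only a trusted certificate.
        if (!ks.isKeyEntry(alias)) {
            System.err.println("no key entry '" + alias + "'; aliases present: "
                    + Collections.list(ks.aliases()));
            System.exit(1);
        }

        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        // Subject equal to issuer means the certificate is self-signed.
        boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        System.out.println("subject     : " + cert.getSubjectX500Principal().getName());
        System.out.println("self-signed : " + selfSigned);
        System.out.println("sig alg     : " + cert.getSigAlgName());
        if (cert.getPublicKey() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
            System.out.println("RSA bits    : " + bits);
        }
        System.out.println("valid until : " + cert.getNotAfter());
        // Throws if the certificate has expired or is not yet valid.
        cert.checkValidity();
        System.out.println("OK: key entry '" + alias + "' found and currently valid");
    }
}
```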

Supporting both HTTP and HTTPS

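    import java.io.File;
    import java.io.IOException;
    import org.apache.catalina.connector.Connector;
    import org.apache.coyote.http11.Http11NioProtocol;
    import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
    import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.core.io.ClassPathResource;

    // The methods below belong in a @Configuration class.

    // Register an extra HTTPS connector alongside the default connector.
    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
        tomcat.addAdditionalTomcatConnectors(createSslConnector());
        return tomcat;
    }

    // Build the HTTPS connector on port 8443 from the keystore on the classpath.
    private Connector createSslConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
        try {
            File keystore = new ClassPathResource("keystore").getFile();
            File truststore = new ClassPathResource("keystore").getFile();
            connector.setScheme("https");
            connector.setSecure(true);
            connector.setPort(8443);
            protocol.setSSLEnabled(true);
            protocol.setKeystoreFile(keystore.getAbsolutePath());
            protocol.setKeystorePass("changeit");
            protocol.setTruststoreFile(truststore.getAbsolutePath());
            protocol.setTruststorePass("changeit");
            protocol.setKeyAlias("apitester");
            return connector;
        }
        catch (IOException ex) {
            throw new IllegalStateException("can't access keystore: [" + "keystore"
                    + "] or truststore: [" + "keystore" + "]", ex);
        }
    }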

Automatically redirecting HTTP to HTTPS

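    import org.apache.catalina.Context;
    import org.apache.catalina.connector.Connector;
    import org.apache.tomcat.util.descriptor.web.SecurityCollection;
    import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
    import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
    import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
    import org.springframework.context.annotation.Bean;

    // The methods below belong in a @Configuration class.

    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Require a confidential (HTTPS) transport for every URL.
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
        return tomcat;
    }

    // Plain HTTP connector on port 8080 that redirects to the HTTPS port 8443.
    private Connector initiateHttpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);
        connector.setSecure(false);
        connector.setRedirectPort(8443);
        return connector;
    }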

Q&A

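After SSL is enabled, the page may come back empty when accessed in a browser; this is mainly a security certificate problem. When there is a certificate problem, some browsers do not show an insecure-connection warning and instead block access outright; try a different browser.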
