目前越来越多的网站开始支持HTTPS连接,而想要支持HTTPS连接就必须要有SSL证书,下面将介绍如何在Spring Boot项目中配置SSL证书。
一、获取证书
1、生成证书
关于如何获取SSL证书,请阅读:SSL证书生成和配置
2、添加证书
将JKS格式的SSL放入项目根目录下src/main/resources文件夹中即可。
二、修改配置文件
1、application.properties
在application.properties文件中添加以下内容:
1
2
3
4
5
6
7
8
9
10
11
12
|
server.ssl.key-store=classpath:<filename>.jks
server.ssl.key-password=<password>
server.ssl.key-store-type=JKS
server.ssl.key-alias=<alias>
tomcat.listen.port=80
tomcat.redirect.port=443
|
注意最后两项tomcat.listen.port和tomcat.redirect.port是自定义的配置项。
2、pom.xml
在pom.xml文件中添加以下配置,避免打包时过滤掉SSL证书文件。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| <build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<configuration>
<nonFilteredFileExtensions>
<nonFilteredFileExtension>jks</nonFilteredFileExtension>
</nonFilteredFileExtensions>
</configuration>
<version>3.1.0</version>
</plugin>
</plugins>
</build>
|
三、添加配置类
在项目中添加一个TomcatConfig.java配置类:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
| package cn.frankfang.config;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class TomcatConfig {
@Value("${tomcat.listen.port}")
private int port;
@Value("${tomcat.redirect.port}")
private int redirectPort;
@Bean
ServletWebServerFactory tomcatEmbeddedServletContainerFactory() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(httpConnector());
return tomcat;
}
private Connector httpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(port);
connector.setSecure(false);
connector.setRedirectPort(redirectPort);
return connector;
}
}
|
之后重新打包部署项目,在浏览器地址栏中加上https://前缀,便可正常访问服务器,当用户访问80端口时会强制跳转到443端口。
