原创

Spring Boot集成Https快速入门Demo

1.什么是https?

HTTPS，也称作HTTP over TLS。TLS的前身是SSL，TLS 1.0通常被标示为SSL 3.1，TLS 1.1为SSL 3.2，TLS 1.2为SSL 3.3 HTTPS和HTTP协议相比提供了

数据完整性：内容传输经过完整性校验
数据隐私性：内容经过对称加密，每个连接生成一个唯一的加密密钥
身份认证：第三方无法伪造服务端(客户端)身份

其中，数据完整性和隐私性由TLS Record Protocol保证，身份认证由TLS Handshaking Protocols实现。

2证书准备

自签名证书

keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650

参数解释

-genkey: 生成SSL证书
-alias: 证书别名
-storetype: 秘钥仓库类型
-keyalg: 生成证书算法
-keysize: 证书大小
-keystore: 生成证书保存路径
-validity: 证书有效期

将当前目录下keystore.p12，放到自己的springboot项目中的resource下

申请CA证书

google搜索一下免费的ssl证书，这里就不在讲述了

3.代码工程

实验目的：controller实现https访问

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>springboot-demo</artifactId>
        <groupId>com.et</groupId>
        <version>1.0-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>https</artifactId>

    <properties>
        <maven.compiler.source>8</maven.compiler.source>
        <maven.compiler.target>8</maven.compiler.target>
    </properties>
    <dependencies>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-autoconfigure</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

    </dependencies>
</project>

controller

package com.et.https.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import java.util.HashMap;
import java.util.Map;
@Controller
public class HelloWorldController {
    @RequestMapping("/hello")
    @ResponseBody
    public Map<String, Object> showHelloWorld(){
        Map<String, Object> map = new HashMap<>();
        map.put("msg", "HelloWorld");
        return map;
    }
}

application.yaml

server:
  port: 443
  ssl:
    key-store: classpath:keystore.p12
    key-store-password: 123456
    keyStoreType: PKCS12
    keyAlias: tomcat

http转发https

@Bean
public TomcatServletWebServerFactory servletContainer() {
   // 对http请求添加安全性约束，将其转换为https请求
   TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
      @Override
      protected void postProcessContext(Context context) {
         SecurityConstraint securityConstraint = new SecurityConstraint();
         securityConstraint.setUserConstraint("CONFIDENTIAL");
         SecurityCollection collection = new SecurityCollection();
         collection.addPattern("/*");
         securityConstraint.addCollection(collection);
         context.addConstraint(securityConstraint);
      }
   };
   tomcat.addAdditionalTomcatConnectors(connector());
   return tomcat;
}

@Bean
public Connector connector() {
   Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
   // 捕获http请求，并将其重定向到443端口
   connector.setScheme("http");
   connector.setPort(80);
   connector.setSecure(false);
   connector.setRedirectPort(443);
   return connector;
}

http和https并存

@Bean
public ServletWebServerFactory servletContainer() {
   TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
   tomcat.addAdditionalTomcatConnectors(createStandardConnector());
   return tomcat;
}

private Connector createStandardConnector() {
   Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
   connector.setPort(80);
   return connector;
}