1、通过jdk keytool -genkey -keystore "D:\localhost.keystore" -alias localhost -keyalg RSA 生成证书
2、Springboot内置tomcat 可以通过配置文件修改默认配置
applicaiton.yml
server: ssl: enabled: true key-alias: localhost key-password: 123456 key-store: D:\localhost.keystore
3、在shiro的配置类中添加 SslFilter 对于 SSL 的支持,Shiro 只是判断当前 url 是否需要 SSL 登录,如果需要自动重定向到 https 进行访问。
//ssl filter @Bean public SslFilter sslFilter(){ SslFilter filter = new SslFilter(); filter.setPort(8080); //需要设置为与tomcat一样的端口 SslFilter 默认端口是 443 return filter; }
4、在ShiroFilterFactoryBean中添加 SslFilter
@Bean public ShiroFilterFactoryBean filterFactoryBean(@Autowired DefaultWebSecurityManager securityManager,@Autowired SslFilter sslFilter){ ShiroFilterFactoryBean filterFactoryBean = new ShiroFilterFactoryBean(); Map<String, Filter> map = new HashMap<>(); map.put("ssl",sslFilter); filterFactoryBean.setFilters(map); //设置securityManager ... //设置拦截
Map<String,String> filterMap = new LinkedHashMap<>();
filterMap.put("/login","ssl,anon"); // ssl表示访问/login需要走ssl
filterMap.put("/*","authc");
filterFactoryBean.setFilterChainDefinitionMap(filterMap);
return filterFactoryBean;
}