[Copyright Statement] The source can be freely reprinted for non-commercial purposes.
From: shusheng007
Series of articles:
- Understand HTTPS in Seconds: A Talk About CA Certificates and Self-Signed Certificates
- Understand HTTPS in Seconds: How to Use a Self-Signed Certificate in Android
Overview
In "Understand HTTPS in Seconds: A Talk About CA Certificates and Self-Signed Certificates", we covered how to generate a self-signed certificate. In "Understand HTTPS in Seconds: How to Use a Self-Signed Certificate in Android", we covered how to use a self-signed certificate in Android. In this article, let's look at how to use self-signed certificates in SpringBoot2.
Highlight
Let me state up front that this highlight is only my own opinion, because it bothered me for a long time. There are many good articles on how to configure https in springboot2, and following them generally works. But when I deployed the program that ran https successfully on my local machine to Tomcat on the server, I found that https did not work. Finally, I discovered that the configuration in springboot2 was configuring the built-in Tomcat all along! I really didn't know that; feel free to despise me here!
Configure SpringBoot2's built-in Tomcat
- Put the certificate container (for example, mine is keystore.p12) under the src/main/resources folder.
- Configure the Tomcat properties in the application.properties file.

Suppose I generated the certificate with the following command:

```
keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore keystore.p12 -validity 3650 -ext san=ip:192.168.xx.xx -storepass pw12345
```

Then the configuration is as follows:

```
server.port=8443
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=pw12345
server.ssl.key-password=pw12345
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat
```
Completing the above two steps is actually enough, but there is a catch: your server now supports only https requests and not http requests.
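- Support both http and https requests

Create a new configuration class in your project, and note the use of the @Configuration annotation:

```java
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ServerConfig {

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // In CONFIDENTIAL mode, Tomcat requires HTTPS for all requests
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(getHttpConnector());
        return tomcat;
    }

    private Connector getHttpConnector() {
        Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
        connector.setScheme("http");
        connector.setPort(8888);
        // With connector.setSecure(true), both http and https are supported: requests on the
        // http port are treated as already secure, so the CONFIDENTIAL constraint does not
        // redirect them and they are served unencrypted.
        // With connector.setSecure(false), http requests are redirected to https.
        connector.setSecure(true);
        connector.setRedirectPort(8443);
        return connector;
    }
}
```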
Regarding the effect of connector.setSecure(true), I suggest you try it yourself.
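
A quick way to confirm that the keystore really matches the server.ssl.* settings above before starting the application, as an added example that is not part of the original article. The class name KeystoreCheck, the command-line arguments and the KEYSTORE_PASSWORD environment variable are assumptions; only the JDK's java.security API is used.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Added example (hypothetical helper): checks a PKCS12 keystore against server.ssl.*.
// Assumed invocation: java KeystoreCheck src/main/resources/keystore.p12 tomcat
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "src/main/resources/keystore.p12";
        String alias = args.length > 1 ? args[1] : "tomcat"; // server.ssl.key-alias
        // Assumed variable name; keeps the password out of the shell history
        String pw = System.getenv("KEYSTORE_PASSWORD");
        if (pw == null) {
            System.err.println("Set KEYSTORE_PASSWORD first");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("PKCS12"); // server.ssl.key-store-type
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pw.toCharArray()); // throws IOException on a wrong password
        }
        // The alias must name an entry that holds a private key, not just a certificate
        if (!ks.isKeyEntry(alias)) {
            System.err.println("No private-key entry for alias '" + alias + "'");
            System.exit(1);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if expired or not yet valid
        boolean selfSigned =
                cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        System.out.println("Subject:     " + cert.getSubjectX500Principal().getName());
        System.out.println("Self-signed: " + selfSigned);
        System.out.println("Not after:   " + cert.getNotAfter());
        // Clients compare the address they connect to against these SAN entries
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) {
            System.out.println("SAN:         none");
        } else {
            for (List<?> san : sans) {
                // GeneralName type: 2 = dNSName, 7 = iPAddress
                System.out.println("SAN:         type=" + san.get(0) + " value=" + san.get(1));
            }
        }
    }
}
```

For the keystore generated by the keytool command above, the SAN line should show type 7 with the IP address passed to -ext san=ip:...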
Summary
If your project is published as an executable jar, these configurations are meaningful and will affect the final result. But if you publish it as a war and deploy it to a separate Tomcat, then you need to configure that Tomcat. The configuration here only configures the Tomcat built into springboot, and has nothing whatsoever to do with the Tomcat you deploy to.
As for how to configure Tomcat to support https, I'll talk about it in the next article. It's time for applause...
Fame is always in the poor days, and failures are often due to pride.