https now has become increasingly popular, especially to do some small number of public programs or development time, basically just need a https.
But a https certificate is still very expensive, individual developers can apply for a free certificate in each cloud service provider. I have the impression valid for one year, can apply for 20.
Today we talk to and are in Spring Boot project, how to open https configuration, convoy escort for our interface.
https Profile
Let's take a look at what is https, according to introduction on wikipedia:
Https (HyperText Transfer Protocol Secure), abbreviation: HTTPS; often referred to as HTTP over TLS, HTTP over SSL or HTTP Secure) is a secure communications protocol for transmission over a computer network. HTTPS for communication via HTTP, but the use of SSL / TLS to encrypt data packets. The main purpose of the development of HTTPS is to provide authentication for the Web server to protect the privacy and integrity of data exchange. The agreement was first proposed by Netscape (Netscape) in 1994, then extended to the Internet.
Historically, HTTPS connections are often used for payment transactions and enterprise information systems on the network transmission of sensitive information. In the late 2000s and early 2010s, HTTPS been widely used in order to ensure that all types of real web pages, and maintaining user accounts to protect communications, identity and web browsing privacy.
In addition, there is a secure Hypertext Transfer Protocol (S-HTTP), also an HTTP secure transmission to achieve, but is widely used for HTTPS and HTTP secure transmission become the de facto realization, S-HTTP and not widely supported.
Ready to work
First, we need to have a https certificate, we can apply for a free cloud services from various vendors at their own experiments but there is no need to be too much trouble, we can directly generate a free https certificate that comes with the aid of Java JDK management tool keytool.
Into the %JAVVA_HOME%\bindirectory, run the following command to generate a digital certificate:
keytool -genkey -alias tomcathttps -keyalg RSA -keysize 2048 -keystore D:\javaboy.p12 -validity 365Commands have the following meanings:
- genkey pledged to create a new key.
- alias represents the keystore alias.
- keyalg denotes encryption algorithm is RSA, an asymmetric encryption algorithm.
- keysize represents the length of the key.
- It represents keystore generated key storage location.
- validity represents the effective period of the key in days.
DETAILED generation process shown below:
After the command is completed, we are in the D disk directory will see a file named javaboy.p12. As shown below:
Once you have the file, we are ready to work even OK.
Introduced https
Next we need to introduce https in the project.
Generated above javaboy.p12 copied to project resources directory Spring Boot. Then add the application.properties follows:
server.ssl.key-store=classpath:javaboy.p12
server.ssl.key-alias=tomcathttps
server.ssl.key-store-password=111111among them:
- key-store key file name.
- key-alias represents the key alias.
- key-store-password is entered during the execution of cmd command password.
Once configured, you can start the Spring Boot project, this time if we directly use the Http protocol to access the interface, you will see the following error:
Use https to access the following results:
This is because of our own generation https certificate is not recognized by the browser, but it does not matter, we just click on it to continue to access (the actual project only need to replace a recognized browser to https certificate).
Request forwarding
Considering the Spring Boot does not support simultaneous start HTTP and HTTPS, in order to solve this problem, we here can be configured to forward a request, when a user sends an HTTP call is automatically forwarded to HTTPS.
Specific configuration is as follows:
@Configuration
public class TomcatConfig {
@Bean
TomcatServletWebServerFactory tomcatServletWebServerFactory() {
TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory(){
@Override
protected void postProcessContext(Context context) {
SecurityConstraint constraint = new SecurityConstraint();
constraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
constraint.addCollection(collection);
context.addConstraint(constraint);
}
};
factory.addAdditionalTomcatConnectors(createTomcatConnector());
return factory;
}
private Connector createTomcatConnector() {
Connector connector = new
Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(8081);
connector.setSecure(false);
connector.setRedirectPort(8080);
return connector;
}
}Here, we configured a Http request port 8081, all requests from 8081, will be automatically redirected to https on port 8080 of this.
So then, we go to http request will be automatically redirected to https.
Epilogue
Spring Boot 中加入 https 其实很方便。如果你使用了 nginx 或者 tomcat 的话,https 也可以发非常方便的配置,从各个云服务厂商处申请到 https 证书之后,官方都会有一个详细的配置教程,一般照着做,就不会错了。
关注公众号【江南一点雨】,专注于 Spring Boot+微服务以及前后端分离等全栈技术,定期视频教程分享,关注后回复 Java ,领取松哥为你精心准备的 Java 干货!
