How to implement SpringBoot's HTTPS configuration

HTTPS configuration

Because HTTPS has good security, it has been increasingly widely used in development. The development of WeChat public accounts, small programs, etc. must be completed using HTTPS. For individual developers, the price of an HTTPS certificate is still a bit expensive. Some domestic cloud server manufacturers provide free HTTPS certificates, and one account can apply for several. However, jdk provides a Java digital certificate management tool keytool. In the \jdkbin directory, you can use this tool to generate a digital certificate yourself. The generation command is as follows:

keytool -genkey -alias tomcathttps -keyalg RSA -keysize 2048 -keystore sang.p12 -validity 365

• genkey means you want Create a new key.

• alias represents the alias of the keystore.

• keyalg indicates that the encryption algorithm used is RSA, an asymmetric encryption algorithm.

• keysize indicates the length of the key.

• keystore indicates the storage location of the generated key.

• validity indicates the validity time of the key, in days.

According to the prompts, you need to provide information such as password or password when executing the command in the cmd window. Enter it to complete the execution process. After the command is executed, a file named sang.p12 will be generated in the current user directory. Copy this file to the root directory of the project, and then make the following configuration in application.properties:

# key-store表示密钥文件名。
server.ssl.key-store=sang.p12 
# key-alias表示密钥别名。
server.ssl.key-alias=tomcathttps
#key-store-password 就是在cmd命令执行过程中输入的密码。
server.ssl.key-store-password=123456

Configuration After success, start the project and enter "https:/localhost:8080" in the browser to view the results. Note that the generated certificate is not authenticated by the browser, so you will need to add trust or move forward. Please refer to the picture below.

The result of successful operation is as shown in the figure

At this time, if you access the interface through HTTP, you will access Failed, as shown in the figure

# Original words rewritten: Spring Boot does not support enabling HTTP and HTTPS at the same time in the configuration. At this time, you can configure request redirection to redirect HTTP requests to HTTPS requests. The configuration method is as follows

@Configuration
public class TomcatConfig {
    @Bean
    TomcatServletWebServerFactory tomcatServletWebServerFactory() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint constraint = new SecurityConstraint();
                constraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                constraint.addCollection(collection);
                context.addConstraint(constraint);
            }
        };
        factory.addAdditionalTomcatConnectors(createTomcatConnector());
        return factory;
    }

    private Connector createTomcatConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);
        connector.setSecure(false);
        connector.setRedirectPort(8081);
        return connector;
    }
}

Here first configure a TomcatServletWebServerFactory, then add a Connector in Tomcat (listen to port 8080), and forward the request to 8081.
After the configuration is completed, enter "http://localhost:8080/" in the browser and it will automatically redirect to https://localhost:8081/.

The above is the detailed content of How to implement SpringBoot's HTTPS configuration. For more information, please follow other related articles on the PHP Chinese website!