SpringBoot配置SSL

Posted on

SpringBoot 2.X 配置SSL

1.获得证书

需要备案的域名申请SSL

image-20200505154312726

2.下载证书,部署到项目中

下载后解压
在这里插入图片描述
然后在我们的springboot配置文件中配置
在这里插入图片描述

注意:214590826650132.pfx还需要在我们能阿里云的home/jar目录下放一份,即和我们的打包jar放在同一个目录下
在这里插入图片描述

3.配置项目Http自动转向Https

application.yml文件配置

1
2
3
4
5
6
server:
  port: 1107
  ssl:
    key-store: 3863408.pfx
    enabled: true
    key-store-password: j18KVabC

通过bean监听,拦截,让http转https(2.x版本)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
@Configuration
public class MySSLConfig   {

    @Bean
    public Connector connector(){
        Connector connector=new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        //Connector监听的http的端口号
        connector.setPort(8080);
        connector.setSecure(false);
        //监听到http的端口号后转向到的https的端口号
        connector.setRedirectPort(1107);
        return connector;
    }

    @Bean
    public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector){
        TomcatServletWebServerFactory tomcat=new TomcatServletWebServerFactory(){
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint securityConstraint=new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection=new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(connector);
        return tomcat;
    }
}