Https证书准备
开发环境下,可直接用JDK自带的keytool工具生成一个自签名证书;正式环境应使用由CA签发的证书,两者的配置过程是一样的:
打开cmd命令行,输入以下命令:
命令解释:
- -alias 证书别名
- -keypass 证书密码
- -keyalg 生成证书所用的密钥算法名称,RSA是一种非对称加密算法
- -keysize 密钥长度(单位:位;RSA密钥在正式环境建议不低于2048位)
- -validity 证书的有效期(单位:天)
- -keystore 生成的证书文件的存储路径
- -storepass 获取keystore信息的密码
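REM Generate a self-signed RSA key pair for development use.
REM 2048-bit RSA is the current minimum to use; recent JDK keytool versions warn that
REM a 1024-bit RSA key is a security risk.
keytool -genkey -alias mykeystore -keypass 123456 -keyalg RSA -keysize 2048 -validity 365 -keystore D:/mykeystore.keystore -storepass 123456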
根据提示输入相关信息即可:
SpringMVC项目配置:
一.Tomcat服务器配置
打开tomcat路径conf文件夹下server.xml文件,原本如下内容:
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
           port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
     This connector uses the NIO implementation that requires the JSSE
     style configuration. When using the APR/native implementation, the
     OpenSSL style configuration is required as described in the APR/native
     documentation -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->
将8443端口配置注释取消,并添加第一步生成的证书路径及密码,修改后如下所示:
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"/>
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
           port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
     This connector uses the NIO implementation that requires the JSSE
     style configuration. When using the APR/native implementation, the
     OpenSSL style configuration is required as described in the APR/native
     documentation -->
<!-- Enable HTTPS access.
     keystoreFile / keystorePass point at the keystore generated with keytool in step one;
     keystorePass is stored in clear text here, so restrict read access to server.xml.
     sslProtocol="TLS" only selects the JSSE context; it does not pin the TLS versions
     offered — set sslEnabledProtocols (or SSLHostConfig "protocols" on Tomcat 8.5+)
     to disable TLS 1.0/1.1 in production. -->
<Connector port="8443" SSLEnabled="true" clientAuth="false"
           keystoreFile="D:\mykeystore.keystore" keystorePass="123456"
           maxThreads="150" protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" secure="true" sslProtocol="TLS"/>
二. 配置项目web.xml
打开项目下web.xml,添加如下配置
<security-constraint>
    <!-- Authorization setting for SSL -->
    <!-- Applies to every URL of the application -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!-- CONFIDENTIAL requires a secure transport: plain-HTTP requests matching the
         pattern above are redirected by Tomcat to the HTTP connector's redirectPort -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
至此,SpringMVC项目即完成了https的配置
SpringBoot项目配置:
一. 将第一步生成的证书放进resource文件夹
二. 配置application.yml或者application.properties文件
# Port configuration
server:
  ## HTTPS port (the embedded container's main connector)
  port: 8444
  ## HTTP port; requests arriving on it are redirected to the HTTPS port.
  ## NOTE: server.http.port is not a built-in Spring Boot property; it is a custom key
  ## read by WebConfig through @Value("${server.http.port}")
  http:
    port: 8080
  #### Context path of the application
  ## NOTE(review): WebConfig uses TomcatServletWebServerFactory, i.e. Spring Boot 2.x,
  ## where this key is server.servlet.context-path; server.context-path is the 1.x key — confirm
  context-path: /mySpringBoot
  ## Enable HTTPS
  ssl:
    key-store: classpath:mykeystore.keystore
    ## Demo password; in production supply it through an environment variable or
    ## externalized configuration rather than committing it with the project
    key-store-password: 123456
    ## Must match the keystore.type of the JRE the application is deployed on
    key-store-type: jks
    key-alias: mykeystore
注:此处的key-store-type应设置为部署环境下JRE里面对应的keystore.type。打开$JAVA_HOME/jre/lib/security/java.security文件,查看其中keystore.type配置项的值即可。
三. 创建一个WebConfig配置类
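package com.config;

import java.util.Arrays;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

/**
 * Web container configuration: a CORS filter plus an embedded Tomcat that serves HTTPS
 * on {@code server.port} and redirects plain HTTP arriving on {@code server.http.port}
 * to it.
 */
@Configuration
public class WebConfig {

    /** HTTPS port (the embedded container's main connector). */
    @Value("${server.port}")
    private int serverPort;

    /** Plain-HTTP port; requests arriving here are redirected to {@link #serverPort}. */
    @Value("${server.http.port}")
    private int serverHttpPort;

    /**
     * Registers a CORS filter for every path ({@code /**}).
     *
     * @return the filter registration, ordered first so it runs ahead of other filters
     */
    @Bean
    public FilterRegistrationBean<CorsFilter> corsFilter() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        // Allowed origins; "*" means any origin.
        // NOTE(review): "*" together with setAllowCredentials(true) makes Spring (before 5.3)
        // reflect the caller's Origin header, and Spring 5.3+ rejects the combination at
        // startup. For production list the concrete origins instead of "*".
        config.addAllowedOrigin("*");
        // Allowed request headers
        config.addAllowedHeader("*");
        // Allowed request methods. Each method must be registered individually: a single
        // "GET,POST,..." string is not split by Spring and would match no request method.
        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
        // The order matters: keep this filter first to avoid surprises with other filters
        bean.setOrder(0);
        return bean;
    }

    /**
     * Configures the embedded Tomcat for HTTPS.
     *
     * <p>Every URL ({@code /*}) gets a {@code CONFIDENTIAL} user-data constraint, so
     * plain-HTTP requests are redirected to the HTTPS port; the extra HTTP connector that
     * receives those requests is created by {@link #initiateHttpConnector()}.
     *
     * @return the Tomcat factory with the constraint and the additional HTTP connector
     */
    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };

        tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
        return tomcat;
    }

    /**
     * Creates the plain-HTTP connector that listens on {@code server.http.port}.
     *
     * @return a non-secure NIO connector whose redirect port is the HTTPS port
     */
    private Connector initiateHttpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        // Port the connector listens on for HTTP
        connector.setPort(serverHttpPort);
        connector.setSecure(false);
        // HTTPS port that requests on the HTTP port are redirected to
        connector.setRedirectPort(serverPort);
        return connector;
    }
}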
至此,SpringBoot项目即完成了https的配置