参考:
如何在SpringBoot内嵌的Tomcat中配置HTTPS
SpringBoot2.0项目配置https访问
一.使用jdk中keytool的证书管理工具,可以用它来实现签名的证书
1.windows下进入jdk目录,地址栏输入cmd 并回车进入cmd界面。
windows生成证书
例:生成一个别名叫tomcat 的证书 先使用命令进入jdk的bin 这里的密码是123456
keytool -genkey -alias tomcat -keypass 123456 -keyalg RSA -keysize 1024 -validity 365 -keystore D:/keys/tomcat.keystore -storepass 123456
2.Linux下
查看jdk位置
which java
ls -lrt /usr/bin/java
ls -lrt /etc/alternatives/java
cd /usr/lib/jvm/java-1.8.0-openjdk/bin
Linux生成证书
keytool -genkey -alias tomcat -keypass 123456 -keyalg RSA -keysize 1024 -validity 365 -keystore D:/keys/tomcat.keystore -storepass 123456
二.配置Springboot项目
application.yml中配置:
server:
port: 9006
ssl:
key-store: tomcat.keystore
key-password: 123456
key-store-type: JKS
key-alias: tomcat
在启动类中添加:
@Bean
public ServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
return tomcat;
}
/**
* 让我们的应用支持HTTP是个好想法,但是需要重定向到HTTPS,
* 但是不能同时在application.yml中同时配置两个connector,
* 所以要以编程的方式配置HTTP connector,然后重定向到HTTPS connector
* @return Connector
*/
private Connector initiateHttpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(80); // http端口
connector.setSecure(false);
connector.setRedirectPort(9006); // application.yml中配置的https端口
return connector;
}
3.启动项目
页面访问