HTTPS is now more and more popular, especially when doing some small programs or public account development, HTTPS is basically just needed.
However, an HTTPS certificate can be expensive, and individual developers can apply for a free certificate from various cloud service providers. In my impression, it is valid for one year. You can apply for 20.
Today we are going to talk about how to enable HTTPS configuration in the Spring Boot project to protect our interface.
Introduction of HTTPS
Let’s take a look at HTTPS first, according to Wikipedia:
HyperText Transfer Protocol Secure (HTTPS); Often called HTTP over TLS, HTTP over SSL, or HTTP Secure, is a transport protocol for Secure communication over a computer network. HTTPS communicates over HTTP, but uses SSL/TLS to encrypt packets. HTTPS is developed to provide identity authentication for web servers and protect the privacy and integrity of exchanged data. The protocol was first proposed by Netscape in 1994 and then extended to the Internet.
Historically, HTTPS connections have been used to pay for transactions over the network and transfer sensitive information in enterprise information systems. In the late 2000s and early 2010s, HTTPS became widely used to ensure that all types of web pages were authentic, to protect accounts and to keep user communications, identities, and web browsing private.
In addition, there is a secure hypertext transfer protocol (S-HTTP), which is also an implementation of HTTP secure transmission, but THE widespread use of HTTPS has become the de facto IMPLEMENTATION of HTTP secure transmission, s-HTTP is not widely supported.
The preparatory work
First of all, we need to have an HTTPS certificate. We can apply for a free HTTPS certificate from each cloud service vendor, but there is no need to do the experiment by ourselves. We can directly use the Java JDK management tool keytool to generate a free HTTPS certificate.
Go to the %JAVVA_HOME%\bin directory and run the following command to generate a digital certificate:
keytool -genkey -alias tomcathttps -keyalg RSA -keysize 2048 -keystore D:\javaboy.p12 -validity 365
Copy the code
The meanings of this command are as follows:
- Genkey means to create a new key.
- Alias Indicates the alias of the keystore.
- Keyalg indicates that the encryption algorithm used is RSA, an asymmetric encryption algorithm.
- Keysize indicates the length of the key.
- Keystore stores the generated key.
- Validity Indicates the validity period of the key, in days.
The specific generation process is shown as follows:
After the command is executed, a file named javaboy.p12 is displayed in drive D. The diagram below:
With this file in hand, we are ready to go.
The introduction of the HTTPS
Next we need to introduce HTTPS into the project.
Copy the javaboy.p12 generated above to the Resources directory of the Spring Boot project. Then add the following configuration to application.properties:
server.ssl.key-store=classpath:javaboy.p12
server.ssl.key-alias=tomcathttps
server.ssl.key-store-password=111111
Copy the code
Among them:
- Key-store specifies the name of the key file.
- Key-alias Indicates the alias of the key.
- Key-store-password is the password entered during the CMD command execution.
After the configuration is complete, you can start the Spring Boot project. If you use Http to access the interface, you will see the following error:
Use HTTPS instead, and the result is as follows:
This is because the HTTPS certificate generated by ourselves is not recognized by the browser, but it doesn’t matter, we can just click to continue (in the actual project, we only need to replace an HTTPS certificate recognized by the browser).
Forward requests
Considering that Spring Boot does not support both HTTP and HTTPS, to solve this problem, we can configure a request forwarding to automatically forward to HTTPS when the user initiates an HTTP call.
The configuration is as follows:
@Configuration
public class TomcatConfig {
@Bean
TomcatServletWebServerFactory tomcatServletWebServerFactory(a) {
TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory(){
@Override
protected void postProcessContext(Context context) {
SecurityConstraint constraint = new SecurityConstraint();
constraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/ *"); constraint.addCollection(collection); context.addConstraint(constraint); }}; factory.addAdditionalTomcatConnectors(createTomcatConnector());return factory;
}
private Connector createTomcatConnector(a) {
Connector connector = new
Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(8081);
connector.setSecure(false);
connector.setRedirectPort(8080);
returnconnector; }}Copy the code
In this case, we have configured Http request port 8081, and all requests from 8081 will be automatically redirected to the HTTPS port 8080.
After that, when we access the HTTP request again, we are automatically redirected to HTTPS.
conclusion
Adding HTTPS to Spring Boot is actually quite convenient. If you use Nginx or Tomcat, HTTPS can also be very convenient configuration. After applying for HTTPS certificate from each cloud service provider, the official will have a detailed configuration tutorial, generally follow the following, you will not go wrong.
Pay attention to the public account [Jiangnan little Rain], focus on Spring Boot+ micro service and front and back end separation and other full stack technology, regular video tutorial sharing, after attention to reply to Java, get Songko for you carefully prepared Java dry goods!