Introduction


A Spring Boot project serves requests over HTTP by default; HTTPS is not enabled. Serving HTTPS requires a digital certificate. The major cloud providers offer them, but they charge for them. For local testing there is no need to buy one: you can generate a digital certificate with the tools that ship with Java (the JDK's keytool).

Usage


Generating the digital certificate

Go to the bin folder of the JDK installation directory, open a command window, and run the following command to generate a digital certificate:

keytool -genkey -alias tomcathttps -keyalg RSA -keysize 2048 -keystore D:\javasign.p12 -validity 365

# or

keytool -importkeystore -srckeystore D:\javasign.p12 -destkeystore D:\javasign.p12 -deststoretype pkcs12

The options in this command have the following meanings:

  • -genkey creates a new key.
  • -alias sets the alias of the key entry in the keystore.
  • -keyalg sets the encryption algorithm; here it is RSA, an asymmetric encryption algorithm.
  • -keysize sets the length of the key.
  • -keystore specifies where the generated key is stored.
  • -validity sets the validity period of the key, in days.


Running the command generates the digital certificate file.

Introducing HTTPS


Next we need to introduce HTTPS into the project. Copy the javasign.p12 file generated above to the resources directory of the Spring Boot project, then add the following configuration to application.yml:

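server:
  # HTTPS port; matches the URL and the redirectPort (8080) used below
  port: 8080
  ssl:
    # keystore file copied to the resources directory
    key-store: classpath:javasign.p12
    # alias passed to keytool with -alias
    key-alias: tomcathttps
    # password entered when running keytool
    key-store-password: 123456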

Parameter descriptions:

  • key-store specifies the name of the key file.
  • key-alias is the alias of the key.
  • key-store-password is the password entered when the keytool command was run in the command window.
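The three settings above can be checked against the keystore file before the application is started. The following is an added example, not code from the original article: the class name KeystoreCheck and the default path under src/main/resources are assumptions, while the alias and password defaults are the values used in this article.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;

// Hypothetical helper class; not part of the article's project.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        // Defaults mirror this article's values; the path assumes a standard Maven layout.
        String path = args.length > 0 ? args[0] : "src/main/resources/javasign.p12";
        String alias = args.length > 1 ? args[1] : "tomcathttps";
        char[] password = (args.length > 2 ? args[2] : "123456").toCharArray();

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            // Fails with an IOException if key-store-password does not match.
            ks.load(in, password);
        }

        // key-alias must name a private-key entry, not just a trusted certificate.
        if (!ks.containsAlias(alias) || !ks.isKeyEntry(alias)) {
            throw new IllegalStateException("No private-key entry for alias '" + alias + "'");
        }

        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        // Throws if the certificate is expired or not yet valid (-validity 365).
        cert.checkValidity();

        boolean selfSigned =
                cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        System.out.println("Subject:     " + cert.getSubjectX500Principal().getName());
        System.out.println("Expires:     " + cert.getNotAfter());
        System.out.println("Self-signed: " + selfSigned);

        // Report the RSA modulus size (-keysize 2048 in the keytool command).
        if (cert.getPublicKey() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
            System.out.println("RSA key size: " + bits + " bits");
        }
    }
}
```

A failure here points at a mismatch between key-store, key-alias and key-store-password, which would otherwise only surface when the embedded Tomcat fails to start.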

Start the project

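Enter “https://localhost:8080/app/index” in the browser. Because the certificate is self-signed rather than issued by a trusted certificate authority, the browser shows a warning page; click Advanced and then choose to continue.

After that, the page can be accessed over HTTPS.

However, a problem arises when we access the application over HTTP.

Solution: add a configuration class.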

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class TomcatConfig {

    @Bean
    TomcatServletWebServerFactory tomcatServletWebServerFactory() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Require a confidential (TLS) transport for every URL,
                // so plain-HTTP requests are redirected to the redirectPort.
                SecurityConstraint constraint = new SecurityConstraint();
                constraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                constraint.addCollection(collection);
                context.addConstraint(constraint);
            }
        };
        // Register the additional plain-HTTP connector next to the HTTPS one.
        factory.addAdditionalTomcatConnectors(createTomcatConnector());
        return factory;
    }

    // Plain helper method, not a bean: Spring rejects private @Bean methods
    // in a @Configuration class.
    private Connector createTomcatConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8081);          // HTTP listener
        connector.setSecure(false);
        connector.setRedirectPort(8080);  // HTTPS port to redirect to
        return connector;
    }
}

With this configuration in place, a request to http://localhost:8081/app/index is automatically redirected to https://localhost:8080/app/index.
