Spring Boot集成Https快速入门Demo

1.什么是https?

HTTPS，也称作HTTP over TLS。TLS的前身是SSL，TLS 1.0通常被标示为SSL 3.1，TLS 1.1为SSL 3.2，TLS 1.2为SSL 3.3 HTTPS和HTTP协议相比提供了

• 数据完整性：内容传输经过完整性校验

• 数据隐私性：内容经过对称加密，每个连接生成一个唯一的加密密钥

• 身份认证：第三方无法伪造服务端(客户端)身份

其中，数据完整性和隐私性由TLS Record Protocol保证，身份认证由TLS Handshaking Protocols实现。

2证书准备

自签名证书

keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650

参数解释

-genkey: 生成SSL证书-alias: 证书别名-storetype: 秘钥仓库类型-keyalg: 生成证书算法-keysize: 证书大小-keystore: 生成证书保存路径-validity: 证书有效期

将当前目录下keystore.p12，放到自己的springboot项目中的resource下

申请CA证书

google搜索一下免费的ssl证书，这里就不在讲述了

3.代码工程

实验目的：controller实现https访问

pom.xml

<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0"         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">    <parent>        <artifactId>springboot-demo</artifactId>        <groupId>com.et</groupId>        <version>1.0-SNAPSHOT</version>    </parent>    <modelVersion>4.0.0</modelVersion>
    <artifactId>https</artifactId>
    <properties>        <maven.compiler.source>8</maven.compiler.source>        <maven.compiler.target>8</maven.compiler.target>    </properties>    <dependencies>
        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-web</artifactId>        </dependency>
        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-autoconfigure</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-test</artifactId>            <scope>test</scope>        </dependency>
    </dependencies></project>

controller

package com.et.https.controller;
import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.ResponseBody;
import java.util.HashMap;import java.util.Map;@Controllerpublic class HelloWorldController {    @RequestMapping("/hello")    @ResponseBody    public Map<String, Object> showHelloWorld(){        Map<String, Object> map = new HashMap<>();        map.put("msg", "HelloWorld");        return map;    }}

application.yaml

server:  port: 443  ssl:    key-store: classpath:keystore.p12    key-store-password: 123456    keyStoreType: PKCS12    keyAlias: tomcat

http转发https

@Beanpublic TomcatServletWebServerFactory servletContainer() {   // 对http请求添加安全性约束，将其转换为https请求   TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {      @Override      protected void postProcessContext(Context context) {         SecurityConstraint securityConstraint = new SecurityConstraint();         securityConstraint.setUserConstraint("CONFIDENTIAL");         SecurityCollection collection = new SecurityCollection();         collection.addPattern("/*");         securityConstraint.addCollection(collection);         context.addConstraint(securityConstraint);      }   };   tomcat.addAdditionalTomcatConnectors(connector());   return tomcat;}
@Beanpublic Connector connector() {   Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");   // 捕获http请求，并将其重定向到443端口   connector.setScheme("http");   connector.setPort(80);   connector.setSecure(false);   connector.setRedirectPort(443);   return connector;}

http和https并存

@Beanpublic ServletWebServerFactory servletContainer() {   TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();   tomcat.addAdditionalTomcatConnectors(createStandardConnector());   return tomcat;}
private Connector createStandardConnector() {   Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");   connector.setPort(80);   return connector;}

以上只是一些关键代码，所有代码请参见下面代码仓库

代码仓库

• https://github.com/Harries/springboot-demo

4.测试

• 启动Spring Boot工程

• 访问 https://127.0.0.1/hello

5.引用

• https://www.tutorialspoint.com/spring_boot/spring_boot_enabling_https.htm

• http://www.liuhaihua.cn/archives/710427.html