Spring Boot集成Https快速入门Demo

1.什么是https?

HTTPS，也称作HTTP over TLS。TLS的前身是SSL，TLS 1.0通常被标示为SSL 3.1，TLS 1.1为SSL 3.2，TLS 1.2为SSL 3.3 HTTPS和HTTP协议相比提供了

数据完整性：内容传输经过完整性校验
数据隐私性：内容经过对称加密，每个连接生成一个唯一的加密密钥
身份认证：第三方无法伪造服务端(客户端)身份

其中，数据完整性和隐私性由TLS Record Protocol保证，身份认证由TLS Handshaking Protocols实现。

2证书准备

自签名证书

keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650

参数解释

-genkey: 生成SSL证书
-alias: 证书别名
-storetype: 秘钥仓库类型
-keyalg: 生成证书算法
-keysize: 证书大小
-keystore: 生成证书保存路径
-validity: 证书有效期

将当前目录下keystore.p12，放到自己的springboot项目中的resource下

申请CA证书

google搜索一下免费的ssl证书，这里就不在讲述了

3.代码工程

实验目的：controller实现https访问

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><parent><artifactId>springboot-demo</artifactId><groupId>com.et</groupId><version>1.0-SNAPSHOT</version></parent><modelVersion>4.0.0</modelVersion><artifactId>https</artifactId><properties><maven.compiler.source>8</maven.compiler.source><maven.compiler.target>8</maven.compiler.target></properties><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-autoconfigure</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope></dependency></dependencies>
</project>

controller

package com.et.https.controller;import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;import java.util.HashMap;
import java.util.Map;
@Controller
public class HelloWorldController {@RequestMapping("/hello")@ResponseBodypublic Map<String, Object> showHelloWorld(){Map<String, Object> map = new HashMap<>();map.put("msg", "HelloWorld");return map;}
}

application.yaml

server:port: 443ssl:key-store: classpath:keystore.p12key-store-password: 123456keyStoreType: PKCS12keyAlias: tomcat

http转发https

java">@Bean
public TomcatServletWebServerFactory servletContainer() {// 对http请求添加安全性约束，将其转换为https请求TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {@Overrideprotected void postProcessContext(Context context) {SecurityConstraint securityConstraint = new SecurityConstraint();securityConstraint.setUserConstraint("CONFIDENTIAL");SecurityCollection collection = new SecurityCollection();collection.addPattern("/*");securityConstraint.addCollection(collection);context.addConstraint(securityConstraint);}};tomcat.addAdditionalTomcatConnectors(connector());return tomcat;
}@Bean
public Connector connector() {Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");// 捕获http请求，并将其重定向到443端口connector.setScheme("http");connector.setPort(80);connector.setSecure(false);connector.setRedirectPort(443);return connector;
}

http和https并存

java">@Bean
public ServletWebServerFactory servletContainer() {TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();tomcat.addAdditionalTomcatConnectors(createStandardConnector());return tomcat;
}private Connector createStandardConnector() {Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");connector.setPort(80);return connector;
}

以上只是一些关键代码，所有代码请参见下面代码仓库