社区微信群开通啦,扫一扫抢先加入社区官方微信群
社区微信群
现在API接口一般要使用https协议,可以通过nginx反向代理实现,也可以让Spring Boot支持https协议。
使用JDK自带的命令keytool生成证书文件
keytool -genkey -alias tomcathttps -keyalg RSA -keysize 2048 -keystore /Users/mengday/Desktop/certificate.p12 -validity 365
其中密钥库口令和否正确两项是必须填写的,其它的都可以不填写,直接回车即可。
server.ssl.key-store=classpath:certificate.p12
server.ssl.key-alias=tomcathttps
server.ssl.key-store-password=123456
@RestController
public class TestController {
@RequestMapping(value = "/test", produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public String test() {
return "hello https";
}
}
使用http协议访问 http://localhost:8080/test 会报Bad Request This combination of host and port requires TLS
使用https协议访问 https://localhost:8080/test 因证书是自己生成的,浏览器认为是不安全的,所以不能直接访问,需要点击 “高级” -> “继续前往” 才可以继续访问
同时支持HTTP和HTTPS:HTTP重定向到HTTPS
访问http://localhost:8081/test 会直接重定向到https://localhost:8080/test
@Configuration
public class TomcatConfiguration {
@Bean
TomcatServletWebServerFactory tomcatServletWebServerFactory() {
TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory(){
@Override
protected void postProcessContext(Context context) {
SecurityConstraint constraint = new SecurityConstraint();
constraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
constraint.addCollection(collection);
context.addConstraint(constraint);
}
};
factory.addAdditionalTomcatConnectors(createTomcatConnector());
return factory;
}
private Connector createTomcatConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(8081);
connector.setSecure(false);
connector.setRedirectPort(8080);
return connector;
}
}
如果觉得我的文章对您有用,请随意打赏。你的支持将鼓励我继续创作!