Java笔记-Spring Boot SSL(https)实例
此篇博文記錄了在web程序中使用自簽名的SSL(HTTPS)證書及創(chuàng)建SSL認(rèn)證。
?
SSL關(guān)鍵的配置
Spring Boot中HTTPS的配置(application.properties)
server.port=8443 server.ssl.key-alias=selfsigned_localhost_sslserver server.ssl.key-password=changeit server.ssl.key-store=classpath:ssl-server.jks server.ssl.key-store-provider=SUN server.ssl.key-store-type=JKS將HTTP重定向到HTTPS
private Connector redirectConnector() {Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");connector.setScheme("http");connector.setPort(8080);connector.setSecure(false);connector.setRedirectPort(8443);return connector; }?
基本概念
SSL:安全套接字層(Secure Sockets Layer)。此協(xié)議用于兩個(gè)系統(tǒng)網(wǎng)絡(luò)連接和傳輸時(shí)對(duì)數(shù)據(jù)的加密。傳輸過(guò)程中防止了黑客的讀取和竄改。
TLS:傳輸層安全(Transport Layer Security)相對(duì)于SSL更加的安全,相當(dāng)于SSL的升級(jí)版。目前所有的ca(certificate authorities)機(jī)構(gòu)都是基于TLS的,但是目前在互聯(lián)網(wǎng)上SSL更加流行。
HTTPS:超文本傳輸協(xié)議安全(Hyper Text Transfer Protocol Secure)在web網(wǎng)站上使用了SSL。這樣會(huì)比HTTP更加安全。
信任庫(kù)及密鑰庫(kù)(Truststore and Keystore):這兩個(gè)庫(kù)都是存儲(chǔ)了SSL證書。truststore存儲(chǔ)了公鑰信息,keystore存儲(chǔ)私鑰信息。
?
下面是創(chuàng)建自簽名證書
keytool -genkey -alias selfsigned_localhost_sslserver -keyalg RSA -keysize 2048 -validity 700 -keypass changeit -storepass changeit -keystore ssl-server.jks解析下:
-genkey:生成證書;
-alias selfsigned_localhost_sslserver:設(shè)置證書的別名;
-keyalg RSA -keysize 2048 -validity 700:truststore和keystore的密碼;
-keystore ssl-server.jks:存儲(chǔ)密鑰的文件。其中JKS的含義是Java Key Store
執(zhí)行完上面的代碼后,會(huì)詢問(wèn)一些問(wèn)題如下:
查看jks中的證書信息:
?
下面是關(guān)于程序方面的內(nèi)容
添加RESTful接口
@RestController class SecuredServerController{@RequestMapping("/secured")public String secured(){System.out.println("Inside secured()");return "Hello user !!! : " + new Date();} }將ssl-server.jks放到resources中在application.properties中配置如下:
server.port=8443 server.ssl.key-alias=selfsigned_localhost_sslserver server.ssl.key-password=changeit server.ssl.key-store=classpath:ssl-server.jks server.ssl.key-store-provider=SUN server.ssl.key-store-type=JKS這樣Spring Boot就配置好HTTPS了
url輸入https://localhost:8443/secured
就進(jìn)入了https站點(diǎn)了
將HTTP重定向到HTTPS
將8080端口重定向到8443上面:
@Bean public EmbeddedServletContainerFactory servletContainer() {TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {@Overrideprotected void postProcessContext(Context context) {SecurityConstraint securityConstraint = new SecurityConstraint();securityConstraint.setUserConstraint("CONFIDENTIAL");SecurityCollection collection = new SecurityCollection();collection.addPattern("/*");securityConstraint.addCollection(collection);context.addConstraint(securityConstraint);}};tomcat.addAdditionalTomcatConnectors(redirectConnector());return tomcat; }private Connector redirectConnector() {Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");connector.setScheme("http");connector.setPort(8080);connector.setSecure(false);connector.setRedirectPort(8443);return connector; }源碼打包下載地址:
https://github.com/fengfanchen/Java/tree/master/ssl-server
?
總結(jié)
以上是生活随笔為你收集整理的Java笔记-Spring Boot SSL(https)实例的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: Node.js笔记-node.js连接M
- 下一篇: Java笔记-加密应用在网络通信中的使用