Https证书准备
开发环境下,可直接用JDK自带的keytool工具生成一个证书;正式环境可购买一个,配置过程是一样的:
打开cmd命令行,输入如下命令:
命令解释:
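REM Generates a self-signed RSA key pair for local development only.
REM -keysize is raised from 1024 to 2048: 1024-bit RSA is considered too weak and recent
REM keytool versions print a security warning for it.
REM 123456 is a sample password. It has to match keystorePass (server.xml) or
REM key-store-password (application.yml); outside a local test machine choose a strong one
REM and leave -keypass / -storepass off so keytool prompts instead of exposing it on the command line.
keytool -genkey -alias mykeystore -keypass 123456 -keyalg RSA -keysize 2048 -validity 365 -keystore D:/mykeystore.keystore -storepass 123456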
根据提示输入相关信息即可:
SpringMVC项目配置:
一. Tomcat服务器配置
打开tomcat路径conf文件夹下server.xml文件,原本有如下内容:
<!-- Stock server.xml excerpt: only the plain-HTTP connector on 8080 is active; it names 8443 as
     redirectPort, but the HTTPS connector further down is still commented out. -->
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> -->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 This connector uses the NIO implementation that requires the JSSE style configuration. When using the APR/native implementation, the OpenSSL style configuration is required as described in the APR/native documentation -->
<!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> -->
将8443端口配置注释取消,并添加第一步生成的证书路径及密码,修改后如下所示:
<!-- Plain-HTTP connector; redirectPort names the HTTPS port that requests needing a
     confidential transport are sent to. -->
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
<!-- A "Connector" using the shared thread pool-->
<!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> -->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 This connector uses the NIO implementation that requires the JSSE style configuration. When using the APR/native implementation, the OpenSSL style configuration is required as described in the APR/native documentation -->
<!-- Enable HTTPS access.
     keystoreFile / keystorePass must match the keystore file and store password created with keytool.
     123456 is the sample password from the keytool step: anyone who can read server.xml can open the
     keystore, so use a strong password and restrict read access to this file outside a local test setup.
     clientAuth="false" means no client certificate is requested.
     NOTE(review): sslProtocol="TLS" does not pin a protocol version; which TLS versions are actually
     offered depends on the JDK and Tomcat version in use. Confirm that legacy versions are disabled. -->
<Connector port="8443" SSLEnabled="true" clientAuth="false" keystoreFile="D:\mykeystore.keystore" keystorePass="123456" maxThreads="150" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS"/>
二. 配置项目web.xml
打开项目下web.xml,添加以下配置
<!-- Requires a confidential (TLS) transport for every URL of the application (/*).
     The container answers a plain-HTTP request with a redirect to the connector's redirectPort,
     so the first request still travels unencrypted before the redirect happens. -->
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection >
        <web-resource-name >SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
至此,SpringMVC项目即完成了https的配置
SpringBoot项目配置:
一. 将第一步生成的证书放进resource文件夹
二. 配置application.yml或者application.properties文件
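# Port settings
server:
  # HTTPS port
  port: 8444
  # Plain-HTTP port; requests arriving here are redirected to the HTTPS port.
  # This is a custom key read by WebConfig through ${server.http.port}.
  http:
    port: 8080
  # Context path of the application. WebConfig uses TomcatServletWebServerFactory, i.e. Spring Boot 2.x,
  # where the key is server.servlet.context-path (server.context-path is the 1.x name).
  servlet:
    context-path: /mySpringBoot
  # Enable HTTPS
  ssl:
    key-store: classpath:mykeystore.keystore
    # Sample password from the keytool step. Do not commit a real keystore password to the
    # repository; supply it from the environment or an external configuration source instead.
    key-store-password: 123456
    key-store-type: jks
    key-alias: mykeystore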
注:此处的key-store-type应设置为部署环境下jre里面对应的keystore.type。打开$JAVA_HOME/jre/lib/security/java.security文件,可查看其中keystore.type的取值。
三. 建立一个WebConfig配置类
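package com.config;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

/**
 * Web configuration: registers the CORS filter and makes the embedded Tomcat serve HTTPS,
 * with an additional plain-HTTP connector whose requests are redirected to the HTTPS port.
 */
@Configuration
public class WebConfig {

    /** HTTP methods accepted on cross-origin requests. */
    private static final String[] CORS_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS"};

    /** HTTPS port of the application ({@code server.port}). */
    @Value("${server.port}")
    private int serverPort;

    /** Plain-HTTP port ({@code server.http.port}, a custom key) that redirects to HTTPS. */
    @Value("${server.http.port}")
    private int serverHttpPort;

    /**
     * Comma-separated list of origins that may call this application cross-origin, for example
     * {@code https://app.example.com} (constructed sample value). The key
     * {@code app.cors.allowed-origins} is defined by this class; it defaults to empty, in which
     * case no origin is allowed and cross-origin requests are rejected.
     */
    @Value("${app.cors.allowed-origins:}")
    private String corsAllowedOrigins;

    /**
     * Registers the CORS filter for all paths.
     *
     * <p>Credentials (cookies, HTTP authentication) are allowed, so the allowed origins must be an
     * explicit list. Combining {@code allowCredentials=true} with the wildcard origin {@code "*"}
     * lets any website send authenticated requests on behalf of a logged-in user and read the
     * responses; Spring 5.3+ rejects that combination with an exception, and older versions echo
     * the caller's origin back.
     *
     * @return the filter registration, ordered ahead of the other filters
     */
    @Bean
    public FilterRegistrationBean<CorsFilter> corsFilter() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);

        // Only the explicitly configured origins are trusted; blank entries are skipped.
        for (String origin : corsAllowedOrigins.split(",")) {
            String trimmed = origin.trim();
            if (!trimmed.isEmpty()) {
                config.addAllowedOrigin(trimmed);
            }
        }

        // Request headers the browser may send.
        config.addAllowedHeader("*");

        // addAllowedMethod takes ONE method per call; a single comma-separated string is stored
        // as one unknown method name and matches no real request method.
        for (String method : CORS_METHODS) {
            config.addAllowedMethod(method);
        }

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);

        FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
        // The order matters: keep the CORS filter at the front of the chain.
        bean.setOrder(0);
        return bean;
    }

    /**
     * Configures the embedded Tomcat for HTTPS: every URL gets a CONFIDENTIAL transport
     * constraint, and an extra plain-HTTP connector is added next to the HTTPS one.
     *
     * @return the customised Tomcat web server factory
     */
    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Same effect as a <security-constraint> with transport-guarantee CONFIDENTIAL in web.xml.
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };

        tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
        return tomcat;
    }

    /**
     * Builds the plain-HTTP connector.
     *
     * @return a connector listening on {@code server.http.port} with {@code server.port} as its redirect port
     */
    private Connector initiateHttpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        // HTTP port the connector listens on.
        connector.setPort(serverHttpPort);
        connector.setSecure(false);
        // HTTPS port that requests received on the HTTP port are redirected to.
        connector.setRedirectPort(serverPort);
        return connector;
    }
}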
至此,SpringBoot项目即完成了https的配置