Spring Boot 2 使用 SSL 证书

使用命令生成证书

# Sample commands: 12345678 is a demo password, not a value to reuse. Passing -keypass and
# -storepass on the command line leaves the password in shell history and in the process
# list; when both options are omitted keytool prompts for the passwords instead.
# -genkey is the older name of -genkeypair. Each command creates an RSA-2048 key pair with a
# self-signed certificate valid for 365 days, so clients will not trust it by default.
# No -dname is given, so keytool asks for the certificate subject interactively.
# Keystore ./tomcat.keystore, alias "tomcat". No -storetype is given, so the JDK's default
# keystore type applies. The yml shown on this page does not reference this file.
keytool -genkey -alias tomcat -keypass 12345678 -keyalg RSA -keysize 2048 -validity 365 -keystore ./tomcat.keystore -storepass 12345678
# PKCS12 keystore ./client.p12, alias "client": the keystore the yml on this page loads.
keytool -genkey -alias client -keypass 12345678 -keyalg RSA -keysize 2048 -validity 365 -storetype PKCS12 -keystore ./client.p12 -storepass 12345678

yml配置

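# TLS settings for the embedded server.
# The configuration class on this page also injects connector.http.port and
# connector.https.port. Neither is defined in this snippet, so both must be set
# elsewhere or startup fails on the unresolved placeholders; connector.https.port
# should equal server.port so that the HTTP redirect reaches this listener.
server:
  port: 8443  # Note: this is the port used for HTTPS access.
  ssl:
    # Load the keystore from the classpath (client.p12 placed in src/main/resources).
    # The previous value, file:src\main\resources\client.p12, was a relative path with
    # Windows separators: it resolved only when the app was started from the project
    # root on Windows and not from a packaged jar.
    key-store: classpath:client.p12
    # Sample password matching the keytool command on this page. For a real
    # deployment, use a strong password supplied from outside the repository
    # (environment variable or external configuration) rather than committing it here.
    key-store-password: 12345678
    key-store-type: PKCS12
    key-alias: client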


package com.daimeng.interceptor;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
 * SSL certificate setup for the embedded Tomcat of a Spring Boot 2 application.
 *
 * <p>Registers a {@code TomcatServletWebServerFactory} bean (see {@link #servletContainer()})
 * that marks every path as requiring confidential transport and adds a plain-HTTP
 * connector whose redirect port is the HTTPS port. Package: {@code com.daimeng.interceptor}.
 *
 * <p>Keystores mentioned in the original notes. The password shown is the page's sample
 * value; do not reuse it:
 * <pre>
 * tomcat.keystore
 *   keytool -genkey -alias tomcat -keypass 12345678 -keyalg RSA -keysize 2048 -validity 365 -keystore ./tomcat.keystore -storepass 12345678
 * client.p12
 *   keytool -genkey -alias client -keypass 12345678 -keyalg RSA -keysize 2048 -validity 365 -storetype PKCS12 -keystore ./client.p12 -storepass 12345678
 * </pre>
 *
 * <p>Created: 2020-03-21 22:08:40.
 *
 * @author daimeng.fun (sephy9527@qq.com)
 * @version V1.0
 */
@Configuration
public class SSLTomcatServletWebServerFactory {

    /** Port of the additional plain-HTTP connector, injected from {@code connector.http.port}. */
    @Value("${connector.http.port}")
    private Integer httpPort;

    /**
     * Port that the plain-HTTP connector redirects to, injected from {@code connector.https.port}.
     * NOTE(review): presumably the same value as server.port in the yml; confirm.
     */
    @Value("${connector.https.port}")
    private Integer httpsPort;

    /**
     * Builds the servlet container factory used by Spring Boot 2.
     *
     * <p>Spring Boot 2 names this type {@code TomcatServletWebServerFactory}; in Spring Boot 1
     * the equivalent was {@code TomcatEmbeddedServletContainerFactory}.
     *
     * @return a factory whose contexts require confidential transport on every path and
     *         that also listens on the plain-HTTP connector
     */
    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Applied to each context so that no path is served over plain HTTP.
                context.addConstraint(confidentialConstraintForAllPaths());
            }
        };
        factory.addAdditionalTomcatConnectors(initiateHttpConnector());
        return factory;
    }

    /**
     * Creates a security constraint with the "CONFIDENTIAL" user constraint for the
     * URL pattern {@code /*}.
     *
     * <p>With this transport guarantee Tomcat redirects a non-secure request to the
     * connector's redirect port instead of serving it.
     * NOTE(review): the redirect does not protect the first plaintext request; consider
     * Secure cookies and an HSTS header as well.
     */
    private static SecurityConstraint confidentialConstraintForAllPaths() {
        SecurityCollection everyPath = new SecurityCollection();
        everyPath.addPattern("/*");

        SecurityConstraint constraint = new SecurityConstraint();
        constraint.setUserConstraint("CONFIDENTIAL");
        constraint.addCollection(everyPath);
        return constraint;
    }

    /**
     * Creates the non-secure HTTP/1.1 NIO connector on {@code httpPort} whose redirect
     * port is {@code httpsPort}.
     *
     * @return the plain-HTTP connector to register next to the HTTPS one
     */
    private Connector initiateHttpConnector() {
        Connector plainHttp = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        plainHttp.setPort(httpPort);
        plainHttp.setScheme("http");
        plainHttp.setSecure(false);
        plainHttp.setRedirectPort(httpsPort);
        return plainHttp;
    }
}

把 client.p12 文件放到 src/main/resources 目录下即可。
