您好,登錄后才能下訂單哦!
server.port=8443
server.ssl.key-store=classpath:keystore.jks
server.ssl.key-store-password=secret
server.ssl.key-password=another-secret
management server可以使用不同的端口,不使用HTTPS:
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:store.jks
server.ssl.key-password=secret
management.server.port=8080
management.server.ssl.enabled=false
management server也可以使用不同的key store:
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:main.jks
server.ssl.key-password=secret
management.server.port=8080
management.server.ssl.enabled=true
management.server.ssl.key-store=classpath:management.jks
management.server.ssl.key-password=secret
通過配置application.properties不支持同時啟用HTTP和HTTPS,如要兩者同時啟用,推薦在配置文件中配置HTTPS,在程序中增加HTTP支持:
import org.apache.catalina.connector.Connector;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
/**
* Sample Application to show Tomcat running two connectors.
*
* @author Brock Mills
* @author Andy Wilkinson
*/
@SpringBootApplication
public class SampleTomcatTwoConnectorsApplication {
@Bean
public ServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
tomcat.addAdditionalTomcatConnectors(createStandardConnector());
return tomcat;
}
private Connector createStandardConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setPort(0);
return connector;
}
public static void main(String[] args) {
SpringApplication.run(SampleTomcatTwoConnectorsApplication.class, args);
}
}
使用keytool生成證書:
keytool -genkeypair -alias itrunner -keyalg RSA -dname "cn=www.itrunner.org, ou=itrunner, o=itrunner, c=CN" -validity 365 -keystore keystore.jks -storepass secret -storetype pkcs12
在調用HTTPS REST服務時需要配置受信證書,可使用keytool導入證書,生成trust-store文件:
keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
Java默認受信證書存儲在${JAVA_HOME}/jre/lib/security/cacerts內,初始密碼為"changeit",可使用keytool查看:
keytool -list -keystore cacerts -v
也可自定義信任策略(TrustStrategy),忽略標準的信任驗證流程。下面分別示例使用Spring RestTemplate和JAX-RS調用HTTPS REST服務,忽略驗證證書和Hostname。
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
import javax.net.ssl.SSLContext;
import java.security.cert.X509Certificate;
public class HttpsRest {
public static void main(String[] args) throws Exception {
SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(null, (X509Certificate[] x509Certificates, String s) -> true).build();
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, new String[]{"SSLv3", "TLSv1", "TLSv1.2"}, null, NoopHostnameVerifier.INSTANCE);
HttpClient httpClient = HttpClientBuilder.create().setSSLSocketFactory(sslSocketFactory).build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
requestFactory.setHttpClient(httpClient);
RestTemplate restTemplate = new RestTemplate(requestFactory);
restTemplate.postForObject(url, request, responseType);
}
}
如使用Jboss服務器,配置如下依賴:
<dependency>
<groupId>org.jboss.spec.javax.ws.rs</groupId>
<artifactId>jboss-jaxrs-api_2.1_spec</artifactId>
<version>1.0.2.Final</version>
<scope>provided</scope>
</dependency>
示例代碼:
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.ssl.SSLContextBuilder;
import javax.net.ssl.SSLContext;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MediaType;
import java.security.cert.X509Certificate;
public class HttpsRest {
public static void main(String[] args) throws Exception {
SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(null, (X509Certificate[] x509Certificates, String s) -> true).build();
Client client = ClientBuilder.newBuilder().hostnameVerifier(NoopHostnameVerifier.INSTANCE).sslContext(sslContext).build();
Entity<User> requestEntity = Entity.entity(new User(), MediaType.APPLICATION_JSON_TYPE);
client.target(url).request().post(requestEntity, responseType);
client.close();
}
}
Spring Boot Reference Guide
spring-boot-sample-tomcat-multi-connectors
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。