# HTTPS only: Tomcat listens on 8443 using the keystore below.
server.port=8443
server.ssl.key-store=classpath:keystore.jks
# NOTE(review): both passwords sit in plaintext in a file that is normally committed
# with the project. The usual fix is a placeholder resolved from the environment or a
# secrets manager, e.g. ${KEYSTORE_PASSWORD} (constructed name), so the file itself
# carries no secret.
server.ssl.key-store-password=secret
server.ssl.key-password=another-secret
management server能夠使用不一樣的端口,不使用HTTPS:
# Application traffic: HTTPS on 8443.
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:store.jks
# NOTE(review): plaintext secret in a committed file; prefer an externalized placeholder.
server.ssl.key-password=secret
# Management (actuator) traffic: separate port, TLS switched off, so anything served
# there crosses the network unencrypted. Pair this with a bind address
# (management.server.address) or a network restriction so the port is not reachable
# from outside the host or management network.
management.server.port=8080
management.server.ssl.enabled=false
management server也能夠使用不一樣的key store:
# Application traffic: HTTPS on 8443 with main.jks.
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:main.jks
# NOTE(review): plaintext secrets (here and below) belong in externalized placeholders
# rather than in a committed properties file.
server.ssl.key-password=secret
# Management traffic: HTTPS on 8080 with its own keystore, so the management
# certificate/key can be rotated and scoped independently of the application one.
management.server.port=8080
management.server.ssl.enabled=true
management.server.ssl.key-store=classpath:management.jks
management.server.ssl.key-password=secret
通過配置application.properties不支持同時啓用HTTP和HTTPS,如要二者同時啓用,推薦在配置文件中配置HTTPS,在程序中增加HTTP支持:
import org.apache.catalina.connector.Connector;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;

/**
 * Sample application that runs embedded Tomcat with two connectors: the one
 * configured through application.properties (HTTPS in this article) plus a
 * plain HTTP/1.1 connector registered programmatically.
 *
 * @author Brock Mills
 * @author Andy Wilkinson
 */
@SpringBootApplication
public class SampleTomcatTwoConnectorsApplication {

    /**
     * Builds the servlet container factory and attaches one extra, plaintext
     * HTTP connector next to the default one.
     *
     * @return the Tomcat factory with the additional connector registered
     */
    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
        factory.addAdditionalTomcatConnectors(plainHttpConnector());
        return factory;
    }

    /**
     * Creates an HTTP/1.1 NIO connector without TLS. Port 0 lets Tomcat bind
     * to a free ephemeral port; a deployment that wants a predictable HTTP
     * port sets a fixed value here instead.
     *
     * @return the unsecured connector
     */
    private Connector plainHttpConnector() {
        Connector httpConnector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        httpConnector.setPort(0);
        return httpConnector;
    }

    /**
     * Boots the application.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(SampleTomcatTwoConnectorsApplication.class, args);
    }
}
使用keytool生成證書:
# Self-signed RSA key pair for www.itrunner.org, valid 365 days, stored in a PKCS12 keystore.
# NOTE(review): -storepass on the command line lands in shell history and is visible in the
# process list while keytool runs; omitting the flag makes keytool prompt for it instead.
# No -keysize is given, so the JDK's default RSA size applies; -keysize 2048 (or larger) makes
# the choice explicit. Hostname checks in current browsers and HTTP clients match against the
# SubjectAltName extension rather than the CN; -ext SAN=dns:www.itrunner.org adds it.
keytool -genkeypair -alias itrunner -keyalg RSA -dname "cn=www.itrunner.org, ou=itrunner, o=itrunner, c=CN" -validity 365 -keystore keystore.jks -storepass secret -storetype pkcs12
在調用HTTPS REST服務時需要配置受信證書,可以使用keytool導入證書,生成trust-store文件:
# Import server.crt as a trusted certificate entry into my.truststore (created if it does not
# exist). keytool prompts for the truststore password and, since the certificate is not
# chained to an already trusted CA, asks for confirmation before trusting it.
keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
Java默認受信證書存儲在${JAVA_HOME}/jre/lib/security/cacerts內,初始密碼爲"changeit",可以使用keytool查看:
# List every entry of the default CA truststore; -v prints each certificate's subject, issuer,
# validity and fingerprints. The keystore path is relative, so run this from the directory that
# holds cacerts or pass its full path.
keytool -list -keystore cacerts -v
也可自定義信任策略(TrustStrategy),忽略標準的信任驗證流程。下面分別示例使用Spring RestTemplate和JAX-RS調用HTTPS REST服務,忽略驗證證書和Hostname。忽略驗證後,客戶端無法分辨真正的服務器與中間人。
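import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

import javax.net.ssl.SSLContext;
import java.security.cert.X509Certificate;

/**
 * Calls an HTTPS REST endpoint through Spring's RestTemplate with server
 * certificate validation and hostname verification switched off.
 */
public class HttpsRest {

    /**
     * Builds a RestTemplate whose TLS layer accepts any server certificate
     * and any hostname. Since nothing about the peer is checked, the client
     * cannot tell the intended server from an interposed one; the TLS session
     * then only hides traffic from passive observers.
     *
     * @return a RestTemplate backed by the trust-everything HttpClient
     * @throws Exception if the SSLContext cannot be built
     */
    private static RestTemplate trustAllRestTemplate() throws Exception {
        // TrustStrategy that returns true for every chain: certificate validation is off.
        SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial(null, (X509Certificate[] chain, String authType) -> true)
                .build();
        // The original also enabled SSLv3 and TLSv1 explicitly. Both are broken or
        // deprecated and disabled by default on current JDKs; this constructor leaves
        // the enabled protocols at the JSSE defaults instead of re-enabling them.
        SSLConnectionSocketFactory sslSocketFactory =
                new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
        HttpClient httpClient = HttpClientBuilder.create()
                .setSSLSocketFactory(sslSocketFactory)
                .build();
        HttpComponentsClientHttpRequestFactory requestFactory =
                new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(httpClient);
        return new RestTemplate(requestFactory);
    }

    /**
     * Posts {@code request} to {@code url} and maps the body to {@code responseType}.
     * Those three values are not declared in the article's snippet; they come from
     * the caller's context.
     *
     * @param args unused
     * @throws Exception if the client cannot be built or the call fails
     */
    public static void main(String[] args) throws Exception {
        RestTemplate restTemplate = trustAllRestTemplate();
        restTemplate.postForObject(url, request, responseType);
    }
}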
如使用JBoss服務器,配置以下依賴:
<!-- JAX-RS 2.1 API as packaged by JBoss. Scope "provided": the application server
     ships it at runtime, so it is on the compile classpath only and not bundled. -->
<dependency>
    <groupId>org.jboss.spec.javax.ws.rs</groupId>
    <artifactId>jboss-jaxrs-api_2.1_spec</artifactId>
    <version>1.0.2.Final</version>
    <scope>provided</scope>
</dependency>
示例代碼:
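import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.ssl.SSLContextBuilder;

import javax.net.ssl.SSLContext;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MediaType;
import java.security.cert.X509Certificate;

/**
 * Calls an HTTPS REST endpoint through a JAX-RS client with server
 * certificate validation and hostname verification switched off.
 */
public class HttpsRest {

    /**
     * Builds a JAX-RS Client whose TLS layer accepts any server certificate
     * and any hostname. Since nothing about the peer is checked, the client
     * cannot tell the intended server from an interposed one; the TLS session
     * then only hides traffic from passive observers.
     *
     * @return a Client that trusts every peer; the caller must close it
     * @throws Exception if the SSLContext cannot be built
     */
    private static Client trustAllClient() throws Exception {
        // TrustStrategy that returns true for every chain: certificate validation is off.
        SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial(null, (X509Certificate[] chain, String authType) -> true)
                .build();
        return ClientBuilder.newBuilder()
                .hostnameVerifier(NoopHostnameVerifier.INSTANCE)
                .sslContext(sslContext)
                .build();
    }

    /**
     * Posts a JSON {@code User} to {@code url} and maps the response to
     * {@code responseType}. {@code url}, {@code responseType} and {@code User}
     * are not declared in the article's snippet; they come from the caller's
     * context.
     *
     * @param args unused
     * @throws Exception if the client cannot be built or the call fails
     */
    public static void main(String[] args) throws Exception {
        Client client = trustAllClient();
        try {
            Entity<User> requestEntity = Entity.entity(new User(), MediaType.APPLICATION_JSON_TYPE);
            client.target(url).request().post(requestEntity, responseType);
        } finally {
            // The original closed the client only after a successful post, so a
            // failed request leaked the client and its connections.
            client.close();
        }
    }
}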
Spring Boot Reference Guide
spring-boot-sample-tomcat-multi-connectors