Spring Boot HTTPS Configuration and Backend Calls
2018-12-25 16:15
Enabling HTTPS

```properties
server.port=8443
server.ssl.key-store=classpath:keystore.jks
server.ssl.key-store-password=secret
server.ssl.key-password=another-secret
```

The management server can use a different port without HTTPS:

```properties
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:store.jks
server.ssl.key-password=secret
management.server.port=8080
management.server.ssl.enabled=false
```

The management server can also use a different key store:

```properties
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:main.jks
server.ssl.key-password=secret
management.server.port=8080
management.server.ssl.enabled=true
management.server.ssl.key-store=classpath:management.jks
management.server.ssl.key-password=secret
```

Enabling HTTP and HTTPS at the same time is not supported through application.properties alone. If you need both, the recommended approach is to configure HTTPS in the properties file and add the HTTP connector programmatically:
```java
import org.apache.catalina.connector.Connector;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;

/**
 * Sample Application to show Tomcat running two connectors.
 *
 * @author Brock Mills
 * @author Andy Wilkinson
 */
@SpringBootApplication
public class SampleTomcatTwoConnectorsApplication {

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        // The HTTPS connector comes from application.properties; this adds a plain HTTP one.
        tomcat.addAdditionalTomcatConnectors(createStandardConnector());
        return tomcat;
    }

    private Connector createStandardConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        // Port 0 lets Tomcat pick a free port for the additional HTTP connector.
        connector.setPort(0);
        return connector;
    }

    public static void main(String[] args) {
        SpringApplication.run(SampleTomcatTwoConnectorsApplication.class, args);
    }
}
```
Generate a certificate with keytool:

```
keytool -genkeypair -alias itrunner -keyalg RSA -dname "cn=www.itrunner.org, ou=itrunner, o=itrunner, c=CN" -validity 365 -keystore keystore.jks -storepass secret -storetype pkcs12
```
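Calling an HTTPS REST Service

Calling an HTTPS REST service requires a trusted certificate to be configured. You can import the certificate with keytool to produce a trust store file:

```
keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
```

Java's default trusted certificates are stored in ${JAVA_HOME}/jre/lib/security/cacerts, with the initial password "changeit". You can inspect them with keytool:

```
keytool -list -keystore cacerts -v
```

You can also define a custom trust strategy (TrustStrategy) that bypasses the standard trust verification. The two examples below call an HTTPS REST service with Spring RestTemplate and with JAX-RS, ignoring both certificate and hostname verification. A client configured this way accepts any certificate from any host, so the connection is encrypted but the server is not authenticated.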
RestTemplate
```java
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

import javax.net.ssl.SSLContext;
import java.security.cert.X509Certificate;

public class HttpsRest {

    public static void main(String[] args) throws Exception {
        // Placeholders: replace with the real endpoint, request body and response type.
        String url = "https://localhost:8443/";
        Object request = null;
        Class<String> responseType = String.class;

        // Trust strategy that returns true for every chain: certificate validation is skipped.
        SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial(null, (X509Certificate[] x509Certificates, String s) -> true)
                .build();

        // Offer TLSv1.2 only; SSLv3 and TLSv1 are obsolete protocol versions.
        // NoopHostnameVerifier turns hostname verification off.
        SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
                sslContext, new String[]{"TLSv1.2"}, null, NoopHostnameVerifier.INSTANCE);

        HttpClient httpClient = HttpClientBuilder.create()
                .setSSLSocketFactory(sslSocketFactory)
                .build();

        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(httpClient);

        RestTemplate restTemplate = new RestTemplate(requestFactory);
        restTemplate.postForObject(url, request, responseType);
    }
}
```
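For comparison with the trust-all client above, the following added example (not part of the original post) builds a RestTemplate that validates the server certificate against a trust store such as the my.truststore file created with keytool earlier, and keeps hostname verification on. The class name, the TRUSTSTORE_PASSWORD environment variable and the command-line arguments are assumptions made for this example.

```java
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

import javax.net.ssl.SSLContext;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

public class VerifiedHttpsRest {

    /** Builds a RestTemplate that trusts only the certificates in the given trust store. */
    static RestTemplate restTemplate(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, password);
        }
        // A null TrustStrategy keeps standard PKIX validation against the trust store.
        SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial(trustStore, null)
                .build();
        // The default verifier checks the URL host against the certificate's SAN/CN.
        SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
                sslContext, new String[]{"TLSv1.2"}, null,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        HttpClient httpClient = HttpClientBuilder.create()
                .setSSLSocketFactory(sslSocketFactory)
                .build();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }

    public static void main(String[] args) throws Exception {
        // args: <trust store path> <https url>; both are supplied by the caller.
        // TRUSTSTORE_PASSWORD is a hypothetical variable name chosen for this example.
        char[] password = System.getenv("TRUSTSTORE_PASSWORD").toCharArray();
        RestTemplate rest = restTemplate(args[0], password);
        // Fails with an SSLException (wrapped in ResourceAccessException) if the server
        // certificate is not trusted by the store or the host name does not match.
        System.out.println(rest.getForObject(args[1], String.class));
    }
}
```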
JAX-RS
If you are using the JBoss server, add the following dependency:

```xml
<dependency>
    <groupId>org.jboss.spec.javax.ws.rs</groupId>
    <artifactId>jboss-jaxrs-api_2.1_spec</artifactId>
    <version>1.0.2.Final</version>
    <scope>provided</scope>
</dependency>
```

Sample code:
```java
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.ssl.SSLContextBuilder;

import javax.net.ssl.SSLContext;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MediaType;
import java.security.cert.X509Certificate;

public class HttpsRest {

    public static void main(String[] args) throws Exception {
        // Placeholders: replace with the real endpoint and response type.
        String url = "https://localhost:8443/";
        Class<String> responseType = String.class;

        // Trust strategy that returns true for every chain: certificate validation is skipped.
        SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial(null, (X509Certificate[] x509Certificates, String s) -> true)
                .build();

        // NoopHostnameVerifier turns hostname verification off.
        Client client = ClientBuilder.newBuilder()
                .hostnameVerifier(NoopHostnameVerifier.INSTANCE)
                .sslContext(sslContext)
                .build();

        // User is the application's own request class (not shown here).
        Entity<User> requestEntity = Entity.entity(new User(), MediaType.APPLICATION_JSON_TYPE);
        client.target(url).request().post(requestEntity, responseType);
        client.close();
    }
}
```
References
Spring Boot Reference Guide
spring-boot-sample-tomcat-multi-connectors