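Implementing HTTPS in Spring Boot

I. Preface

Privacy and security matter more and more on today's internet, and serving a Spring Boot application over HTTPS is an important response to that trend. This article covers:

1. The difference between HTTPS and HTTP

2. What HTTPS does, and its advantages and disadvantages

3. The method and steps for implementing HTTPS in Spring Boot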

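II. Introduction to HTTPS

HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) adds an SSL layer (in current deployments, its successor TLS) on top of HTTP. It wraps HTTP so that the privacy and security of data are protected in transit, providing encrypted communication and identity authentication.

Compared with HTTP, HTTPS has these advantages:

1. The privacy and security of data in transit are more reliable;

2. It can prevent man-in-the-middle attacks;

3. Certificates can be verified, ensuring the authenticity and consistency of the server and the client;

4. It can have a positive effect on SEO.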

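III. Steps for Implementing HTTPS in Spring Boot

1. Generate the certificate and private key

Use the keytool utility that ships with Java to generate the certificate and private key. Example command: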

   keytool -genkeypair -alias tomcat \
   -keyalg RSA -keysize 2048 \
   -keystore your_keystore_name.jks \
   -validity 3650

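Here, tomcat is the alias, keysize is the key length, and keystore is the path where the certificate is stored. Adjust them to your situation. The certificate that keytool generates this way is self-signed, so browsers and other clients will not trust it until it is added to their trust store.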

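2. Configure application.properties

Add the following:

   server.port=443
   server.ssl.key-store=classpath:your_keystore_name.jks
   server.ssl.key-store-password=your_keystore_password
   server.ssl.key-store-type=JKS
   server.ssl.key-alias=tomcat

Here, server.port sets the server port to 443, key-store points to the generated keystore, key-store-password is the keystore password, key-store-type is the keystore type, and key-alias is the alias that was used when the certificate was generated. Because this file is packaged with the application, the password is better supplied from outside it, for example through a ${...} placeholder resolved from an environment variable.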
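A pre-flight check for the keystore and alias configured above, as an added example that is not part of the original article: it loads the keystore with the JDK's `KeyStore` API and reports an alias that is missing or not a private-key entry, a certificate outside its validity period, an RSA key under 2048 bits, and a self-signed certificate. The class name `KeystoreCheck` and the `KEYSTORE_PASSWORD` environment variable are assumptions; the file name, alias and store type are the article's placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

// Added example, not from the article: checks a keystore against the server.ssl.* settings.
public class KeystoreCheck {
    // Returns a list of findings; an empty list means nothing was flagged.
    static List<String> check(String path, char[] password, String type, String alias) throws Exception {
        List<String> findings = new ArrayList<>();
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // wrong password or corrupt file -> IOException
        }
        if (!ks.isKeyEntry(alias)) { // key-alias must name a private-key entry
            findings.add("alias '" + alias + "' is missing or is not a private-key entry");
            return findings;
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        Date now = new Date();
        if (now.before(cert.getNotBefore()) || now.after(cert.getNotAfter())) {
            findings.add("certificate not valid now: " + cert.getNotBefore() + " .. " + cert.getNotAfter());
        }
        if (cert.getPublicKey() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
            if (bits < 2048) {
                findings.add("RSA key is only " + bits + " bits");
            }
        }
        if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            findings.add("self-signed (subject equals issuer): clients must trust it explicitly");
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the article's placeholders; KEYSTORE_PASSWORD is an assumed variable name.
        String path = args.length > 0 ? args[0] : "your_keystore_name.jks";
        String alias = args.length > 1 ? args[1] : "tomcat";
        String pass = System.getenv().getOrDefault("KEYSTORE_PASSWORD", "your_keystore_password");
        List<String> findings = check(path, pass.toCharArray(), "JKS", alias);
        findings.forEach(f -> System.out.println("FINDING: " + f));
        System.out.println(findings.isEmpty() ? "keystore OK" : findings.size() + " finding(s)");
    }
}
```

Run against a keystore produced by the keytool command in step 1, it reports the self-signed finding, which is expected for a keytool-generated certificate.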

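3. Modify the startup class

Add the @EnableAutoConfiguration annotation to the startup class, and change the configure method to the code below. This configure(HttpSecurity) method is the Spring Security override inherited from WebSecurityConfigurerAdapter, so it takes effect only in a class that extends that adapter.

   @Override
   protected void configure(HttpSecurity http) throws Exception {
       // Permit every request without authentication
       http.authorizeRequests().anyRequest().permitAll()
               // Turn off CSRF protection
               .and().csrf().disable()
               // Never create or use an HTTP session
               .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
               // Turn off HTTP Basic authentication
               .and().httpBasic().disable()
               // Do not add the default Cache-Control response headers
               .headers().cacheControl().disable();
   }

Here we let every request through, disable CSRF protection, keep no session for each login (stateless), disable HTTP Basic authentication, and disable the cache-control response headers. None of these settings is required to serve HTTPS; they relax Spring Security's defaults, so keep only the ones the application actually needs.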

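IV. Enabling HTTPS

With the configuration above, the Spring Boot project still starts on HTTP by default, and accessing it over https reports that the HTTP request cannot be served. We still need to add HTTPS support to Spring Boot so that requests can be handled over HTTPS.

Add the following to the startup class Application to enable HTTPS. The code returns a factory, so it is registered as a @Bean method rather than placed inside main:

   @Bean
   public ServletWebServerFactory servletContainer() {
       // SSL settings for the primary connector (same keystore as application.properties)
       Ssl ssl = new Ssl();
       ssl.setKeyStore("classpath:your_keystore_name.jks");
       ssl.setKeyStorePassword("your_keystore_password");
       ssl.setKeyAlias("tomcat");
       TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
       // Additional HTTPS connector on port 8443
       tomcat.addAdditionalTomcatConnectors(createSslConnector());
       tomcat.setSsl(ssl);
       return tomcat;
   }

   private Connector createSslConnector() {
       Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
       Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
       try {
           // getFile() needs the keystore to be a real file on disk, not an entry inside a packaged jar
           File keystore = new ClassPathResource("your_keystore_name.jks").getFile();
           connector.setScheme("https");
           connector.setSecure(true);
           connector.setPort(8443);
           protocol.setSSLEnabled(true);
           protocol.setKeystoreFile(keystore.getAbsolutePath());
           protocol.setKeystorePass("your_keystore_password");
           protocol.setKeyAlias("tomcat");
           return connector;
       }
       catch (IOException ex) {
           // Keep the original exception as the cause
           throw new IllegalStateException("can't access keystore", ex);
       }
   }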

V. Complete Code Example

The following is the complete code example for implementing HTTPS in Spring Boot:

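// Package names as in Spring Boot 2.x
import java.io.File;
import java.io.IOException;

import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.springframework.boot.Banner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.WebApplicationType;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.Ssl;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.core.io.ClassPathResource;

@SpringBootApplication
public class Application extends SpringBootServletInitializer {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

    // Called only when the application is deployed as a WAR in an external servlet container.
    // properties(...) sets default values, which application.properties overrides.
    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) {
        return builder.sources(Application.class).web(WebApplicationType.SERVLET)
                .bannerMode(Banner.Mode.OFF)
                .properties("spring.config.additional-location=classpath:/application-production.properties")
                .properties("spring.output.ansi.enabled=ALWAYS")
                .properties("server.port=80")
                // server.http.port and server.https.port are not standard Spring Boot properties
                .properties("server.http.port=80")
                .properties("server.https.port=443")
                .properties("server.ssl.enabled=true")
                .properties("server.ssl.client-auth=none")
                .properties("server.ssl.key-store=classpath:your_keystore_name.jks")
                .properties("server.ssl.key-store-password=your_keystore_password")
                .properties("server.ssl.key-store-type=JKS")
                .properties("server.ssl.key-alias=tomcat");
    }

    // Embedded Tomcat: SSL on the primary connector plus an additional HTTPS connector.
    // SpringApplicationBuilder has no serverCustomizers method, so the connector
    // customizer is registered on the factory here.
    @Bean
    public ServletWebServerFactory servletContainer() {
        Ssl ssl = new Ssl();
        ssl.setKeyStore("classpath:your_keystore_name.jks");
        ssl.setKeyStorePassword("your_keystore_password");
        ssl.setKeyAlias("tomcat");
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        tomcat.addAdditionalTomcatConnectors(createSslConnector());
        tomcat.setSsl(ssl);
        tomcat.addConnectorCustomizers((connector) -> {
            connector.setProperty("relaxedQueryChars", "|{}[]");
            connector.setParseBodyMethods("POST,PUT,DELETE");
            connector.setProperty("relaxedPathChars", "_[]{}|");
        });
        return tomcat;
    }

    private Connector createSslConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
        try {
            // getFile() needs the keystore to be a real file on disk, not an entry inside a packaged jar
            File keystore = new ClassPathResource("your_keystore_name.jks").getFile();
            connector.setScheme("https");
            connector.setSecure(true);
            // 8443, as in section IV: the primary connector already binds 443 via application.properties
            connector.setPort(8443);
            protocol.setSSLEnabled(true);
            protocol.setKeystoreFile(keystore.getAbsolutePath());
            protocol.setKeystorePass("your_keystore_password");
            protocol.setKeyAlias("tomcat");
            return connector;
        }
        catch (IOException ex) {
            // Keep the original exception as the cause
            throw new IllegalStateException("can't access keystore", ex);
        }
    }
}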

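VI. Summary

In this article we covered the advantages and role of HTTPS and walked through the steps and code examples for implementing HTTPS in Spring Boot. Where a project needs security and privacy protection, enabling HTTPS is a practical solution.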