證書生成:
# Create an RSA-2048 key pair plus a self-signed certificate in a PKCS#12 keystore.
# -storepass and -dname are not given, so keytool prompts for the keystore
# password and the certificate subject interactively; the password typed here is
# the one the application's key-store-password setting must match.
# The certificate is self-signed and valid for 3650 days (about ten years), so
# clients will not trust it by default. That suits local testing; a production
# endpoint would normally use a CA-issued certificate with a shorter lifetime.
# (-genkey is the older spelling of -genkeypair; both are accepted.)
keytool -genkey \
  -alias tomcat \
  -keyalg RSA -keysize 2048 \
  -storetype PKCS12 -keystore keystore.p12 \
  -validity 3650
項目配置(yml):
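# TLS settings for the embedded server: HTTPS is served on 8443 using the
# PKCS#12 keystore created with keytool (alias "tomcat").
server:
  port: 8443
  ssl:
    key-store: classpath:keystore.p12
    # NOTE(review): sample password stored in clear text. Anything committed to
    # source control should be treated as disclosed; outside a demo, supply the
    # value from the environment or a secret store (for example a property
    # placeholder such as ${KEYSTORE_PASSWORD} -- constructed name) and keep
    # the keystore file itself out of the repository.
    key-store-password: java1234
    keyStoreType: PKCS12
    # Must match the -alias passed to keytool.
    keyAlias: tomcat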
HTTP自動轉向HTTPS(以下兩個 @Bean 方法必須放在入口類裏面)
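/**
 * Builds the embedded Tomcat factory with a security constraint that marks every
 * URL as requiring a confidential (TLS) transport, and registers the extra
 * plain-HTTP connector returned by {@link #httpConnector()}.
 *
 * <p>NOTE(review): {@code EmbeddedServletContainerFactory} is the Spring Boot 1.x
 * API; on Boot 2.x and later the equivalent types are presumably
 * {@code ServletWebServerFactory} / {@code TomcatServletWebServerFactory} --
 * confirm against the project's Boot version.
 *
 * @return the customised Tomcat container factory
 */
@Bean
public EmbeddedServletContainerFactory servletContainer() {
    TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            // "CONFIDENTIAL" is the servlet transport guarantee: requests arriving on a
            // non-secure connector are redirected to that connector's redirect port.
            SecurityConstraint constraint = new SecurityConstraint();
            constraint.setUserConstraint("CONFIDENTIAL");

            // Apply the constraint to every path so no endpoint stays reachable over HTTP.
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            constraint.addCollection(collection);

            context.addConstraint(constraint);
            // NOTE(review): a redirect still lets the first request (and anything it
            // carries, such as cookies without the Secure flag) travel in clear text.
            // Consider also sending Strict-Transport-Security on HTTPS responses once
            // a trusted certificate is in place.
        }
    };
    // Second listener for plain HTTP; it exists only to redirect clients to HTTPS.
    tomcat.addAdditionalTomcatConnectors(httpConnector());
    return tomcat;
}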
/**
 * Creates the additional plain-HTTP connector that is registered on the embedded
 * Tomcat so that requests to port 8080 can be redirected to the HTTPS port.
 *
 * @return a non-secure NIO HTTP/1.1 connector on port 8080 redirecting to 8443
 */
@Bean
public Connector httpConnector() {
    final Connector plainHttp = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    // HTTPS port that requests are sent to once they hit the HTTP port;
    // keep it in step with server.port in the yml configuration.
    plainHttp.setRedirectPort(8443);
    // This listener carries no TLS of its own.
    plainHttp.setSecure(false);
    // HTTP port the connector listens on.
    plainHttp.setPort(8080);
    plainHttp.setScheme("http");
    return plainHttp;
}