Spring Boot HTTPS配置與後臺調用

原創 Jason_川川 2019-02-22 23:46

啓用HTTPS

server.port=8443
server.ssl.key-store=classpath:keystore.jks
server.ssl.key-store-password=secret
server.ssl.key-password=another-secret

management server可以使用不同的端口,不使用HTTPS:

server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:store.jks
server.ssl.key-password=secret
management.server.port=8080
management.server.ssl.enabled=false

management server也可以使用不同的key store:

server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:main.jks
server.ssl.key-password=secret
management.server.port=8080
management.server.ssl.enabled=true
management.server.ssl.key-store=classpath:management.jks
management.server.ssl.key-password=secret

通過配置application.properties不支持同時啓用HTTP和HTTPS,如要兩者同時啓用,推薦在配置文件中配置HTTPS,在程序中增加HTTP支持:

import org.apache.catalina.connector.Connector;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;

/**
 * Sample Application to show Tomcat running two connectors.
 *
 * @author Brock Mills
 * @author Andy Wilkinson
 */
@SpringBootApplication
public class SampleTomcatTwoConnectorsApplication {

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        tomcat.addAdditionalTomcatConnectors(createStandardConnector());
        return tomcat;
    }

    private Connector createStandardConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setPort(0);
        return connector;
    }

    public static void main(String[] args) {
        SpringApplication.run(SampleTomcatTwoConnectorsApplication.class, args);
    }

}

使用keytool生成證書:

keytool -genkeypair -alias itrunner -keyalg RSA -dname "cn=www.itrunner.org, ou=itrunner, o=itrunner, c=CN" -validity 365 -keystore keystore.jks -storepass secret -storetype pkcs12

調用HTTPS REST服務

在調用HTTPS REST服務時需要配置受信證書,可使用keytool導入證書,生成trust-store文件:

keytool -import -alias "my server cert" -file server.crt -keystore my.truststore

Java默認受信證書存儲在${JAVA_HOME}/jre/lib/security/cacerts內,初始密碼爲"changeit",可使用keytool查看:

keytool -list -keystore cacerts -v

也可自定義信任策略(TrustStrategy),忽略標準的信任驗證流程。下面分別示例使用Spring RestTemplate和JAX-RS調用HTTPS REST服務,忽略驗證證書和Hostname。

RestTemplate

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

import javax.net.ssl.SSLContext;
import java.security.cert.X509Certificate;

public class HttpsRest {
    public static void main(String[] args) throws Exception {
        SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(null, (X509Certificate[] x509Certificates, String s) -> true).build();
        SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, new String[]{"SSLv3", "TLSv1", "TLSv1.2"}, null, NoopHostnameVerifier.INSTANCE);

        HttpClient httpClient = HttpClientBuilder.create().setSSLSocketFactory(sslSocketFactory).build();
        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(httpClient);

        RestTemplate restTemplate = new RestTemplate(requestFactory);
        restTemplate.postForObject(url, request, responseType);
    }
}

JAX-RS

如使用Jboss服務器,配置如下依賴:

<dependency>
  <groupId>org.jboss.spec.javax.ws.rs</groupId>
  <artifactId>jboss-jaxrs-api_2.1_spec</artifactId>
  <version>1.0.2.Final</version>
  <scope>provided</scope>
</dependency>

示例代碼:

import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.ssl.SSLContextBuilder;

import javax.net.ssl.SSLContext;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MediaType;
import java.security.cert.X509Certificate;

public class HttpsRest {
    public static void main(String[] args) throws Exception {
        SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(null, (X509Certificate[] x509Certificates, String s) -> true).build();
        Client client = ClientBuilder.newBuilder().hostnameVerifier(NoopHostnameVerifier.INSTANCE).sslContext(sslContext).build();
        Entity<User> requestEntity = Entity.entity(new User(), MediaType.APPLICATION_JSON_TYPE);
        client.target(url).request().post(requestEntity, responseType);
        client.close();
    }
}

參考文檔

Spring Boot Reference Guide
spring-boot-sample-tomcat-multi-connectors

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

Spring Boot中Jackson ObjectMapper應用詳解

Jason_川川 2019-02-22 23:47:50

Spring Boot加密配置屬性--Spring Cloud Vault詳解

Jason_川川 2019-02-22 23:46:42

這48個Java技術點,讓你的面試成功率提升5倍!

肥宅程序員 2019-02-22 22:54:33

[SpringBoot]源碼分析SpringBoot的異常處理機制

GitShare 2019-02-22 18:43:11

一篇文章爲你深度解析HTTPS 協議

何奧雷 2019-02-23 00:14:52

SSL證書常見錯誤和解決辦法

CTMO 2019-02-22 23:31:42

哪些網站需要HTTPS(SSL證書),至關重要嗎?

CTMO 2019-02-22 23:31:42

基於Python的HTTPS協議模擬登陸+爬取頁面

風刃 2019-02-22 22:48:55

PHP筆記

wq2010feng 2019-02-22 22:26:46

使用騰訊雲大禹開啓全站HTTPS

李是個好人 2019-02-22 20:42:25

用信鴿來解釋 HTTPS

套路走不穿 2019-02-22 19:58:42

WordPress博客DUX主題如何開啓全站HTTPS?

wenm945 2019-02-22 19:52:22

HTTPS基本原理與應用

lilugoodjob 2019-02-22 18:44:03

Java調用https服務報錯unable to find valid certification path to requested target的解決方法

after_sss 2019-02-22 18:34:21

Nginx配置SSL證書部署HTTPS網站

尤濤 2019-02-22 16:56:11