Enable HTTPS in Spring Boot

Spring-boot-enable-ssl

Enable HTTPS in Spring Boot

APRIL 14, 2015DRISS AMRI

This weekend I answered a question about enabling HTTPS in JHipster onstackoverflow that caught a lot of interest on Twitter so I decided to put a short post on it with some more useful details.

JHipster is a Spring Boot application with a lot of neat features and other frameworks completely integrated. The configuration is exactly the same like any other Spring Boot application, including the SSL settings. If you are interested to get a quick introduction on JHipster, feel free to take a look at my Start a modern Java web application with JHipster

If you are using Spring Boot and want to enable SSL (https) for your application on the embedded Tomcat there a few short steps you will need to take.

  1. Get yourself a SSL certificate: generate a self-signed certifcate or get one from a Certificate Authority
  2. Enable HTTPS in Spring Boot
  3. Redirect HTTP to HTTPS (optional)

Step 1: Get a SSL certificate

If you want to use SSL and serve your Spring Boot application over HTTPS you will need to get a certificate.

You have two options to get one. You can generate a self-signed certificate, which will most likely be what you’ll want to do in development since it’s the easiest option. This usually isn’t a good option in production since it will display a warning to the user that your certificate is not trusted.

The other (production) option is to request one from a Certificate Authority. I’ve heard good things about SSLMate to buy your certificate for a reasonable price with excellent support. There are some providers that are able to give out free certificates but usually you’ll have problems down the line if you have any issues or problems (revocations).

Since we are developers, let’s generate a self-signed certificate to get started quickly with development of our application. Every Java Runtime Environment (JRE) comes bundled with a certificate management utility,keytool. This can be used to generate our self-signed certificate. Let’s have a look:

keytool -genkey -alias tomcat

-storetype PKCS12 -keyalg RSA -keysize 2048

-keystore keystore.p12 -validity 3650

Enter keystore password: 

Re-enter new password:

What is your first and last name?

  [Unknown]: 

What is the name of your organizational unit?

  [Unknown]: 

What is the name of your organization?

  [Unknown]: 

What is the name of your City or Locality?

  [Unknown]: 

What is the name of your State or Province?

  [Unknown]: 

What is the two-letter country code for this unit?

  [Unknown]: 

Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?

  [no]:  yes

This will generate a PKCS12 keystore called keystore.p12 with your newly generate certificate in it, with certificate alias tomcat. You will need to reference keystore in a minute when we start to configure Spring Boot.

Step 2: Enable HTTPS in Spring Boot

By default your Spring Boot embedded Tomcat container will have HTTP on port 8080 enabled. Spring Boot lets you configure HTTP or HTTPS in the application.properties, but not both at once. If you want to enable both you will need to configure at least one programmatically. The Spring Boot reference documentation recommends configuring HTTPS in the application.properties since it’s the more complicated than HTTP.

Using configuration like the example above means the application will no longer support plain HTTP connector at port 8080. Spring Boot doesn’t support the configuration of both an HTTP connector and an HTTPS connector via application.properties. If you want to have both then you’ll need to configure one of them programmatically. It’s recommended to useapplication.properties to configure HTTPS as the HTTP connector is the easier of the two to configure programmatically. See the spring-boot-sample-tomcat-multi-connectors sample project for an example.

Funny enough despite their recommendation to configure HTTPS in the application.properties, their example does the exact opposite.

Let’s configure HTTPS in the default application.properties file undersrc/main/resources of your Spring Boot application:

server.port: 8443

server.ssl.key-store: keystore.p12

server.ssl.key-store-password: mypassword

server.ssl.keyStoreType: PKCS12

server.ssl.keyAlias: tomcat

That’s all you need to do to make your application accessible over HTTPS on https://localhost:8443, pretty easy right?

Step 3: Redirect HTTP to HTTPS (optional)

In some cases it might be a good idea to make your application accessible over HTTP too, but redirect all traffic to HTTPS.
To achieve this we’ll need to add a second Tomcat connector, but currently it is not possible to configure two connector in the application.properties like mentioned before. Because of this we’ll add the HTTP connector programmatically and make sure it redirects all traffic to our HTTPS connector.

For this we will need to add theTomcatEmbeddedServletContainerFactory bean to one of our@Configuration classes.

That’s all you need to do to make sure your application is always used over HTTPS!

时间: 2024-10-08 19:52:48

Enable HTTPS in Spring Boot的相关文章

Spring Boot Cookbook 中文笔记

Spring Boot Cookbook 一.Spring Boot 入门 Spring Boot的自动配置.Command-line Runner RESTful by Spring Boot with MySQL Spring Boot:Data Rest Service 二.配置Web应用 Spring Boot:定制servlet filters Spring Boot:定制拦截器 Spring Boot:定制HTTP消息转换器 Spring Boot:定制PropertyEditors

自制Https证书并在Spring Boot和Nginx中使用(转)

白话Https一文中, 介绍了Https存在的目的和工作原理,但多是偏向于原理性的介绍,本文介绍如何一步一步自制一个能够通过浏览器认证的Https证书,并讲解在Spring Boot环境和Nginx环境中服务器端的配置. 如果你还没有读过白话Https,我强烈建议你先去读一下.按照白话Https中的介绍,Https协议涉及到的主体主要有三个:客户端.服务端.以及CA机构.如下图所示: 在白话Https一文中,曾介绍一个服务要申请使用Https的流程.本文所介绍的流程,针对自制Https证书,更多

Spring Boot同时开启HTTP和HTTPS服务

由于Spring Boot中通过编码开启HTTPS服务比较复杂,所以官方推荐通过编码开启HTTP服务,而通过配置开启HTTPS服务. Spring Boot的application.yml中添加如下配置,开启HTTPS服务 server: port: 16062 ssl: key-store: classpath:config/test.jks key-store-password: 123456 key-password: 123456 其中的jks证书文件可以利用JDK工具keytool.e

Https系列之二:https的SSL证书在服务器端的部署,基于tomcat,spring boot

Https系列会在下面几篇文章中分别作介绍: 一:https的简单介绍及SSL证书的生成二:https的SSL证书在服务器端的部署,基于tomcat,spring boot三:让服务器同时支持http.https,基于spring boot四:https的SSL证书在Android端基于okhttp,Retrofit的使用 所有文章会优先在:微信公众号"颜家大少"中发布转载请标明出处 一:本文的主要内容介绍 CA证书的下载及相应文件的介绍CA证书在tomcat的部署CA证书在sprin

Https系列之三:让服务器同时支持http、https,基于spring boot

Https系列会在下面几篇文章中分别作介绍: 一:https的简单介绍及SSL证书的生成二:https的SSL证书在服务器端的部署,基于tomcat,spring boot三:让服务器同时支持http.https,基于spring boot四:https的SSL证书在Android端基于okhttp,Retrofit的使用 所有文章会优先在:微信公众号"颜家大少"中发布转载请标明出处 前面已介绍了:"https在服务器端的部署,基于tomcat,spring boot&quo

spring boot 添加整合ssl使得http变成https方法

1. https出现的背景:(1)都知道http传输协议是裸漏的,明文传输的,极易被黑客拦截,因此,(2)人们想出的使用加密,也就是 对称加密 例如aes,不过这个由于因为对称加密需要每个客户端和服务器有独立一套,当客户端多的时候维护困难,因此 有了 非对称加密 例如 RSA,RSA,这个是1977年 麻省理工学院三个程序员发明的,很厉害,目前还未被破解,扯远了 RSA是一种公钥密码体制,现在使用得很广泛.如果对RSA本身有兴趣的,后面看我有没有时间写个RSA的具体介绍. RSA密码体制是一种公

Spring Boot SSL [https]配置例子

前言 本文主要介绍Spring Boot HTTPS相关配置,基于自签证书实现: 通过本例子,同样可以了解创建SSL数字证书的过程: 本文概述 Spring boot HTTPS 配置 server.port=8443 server.ssl.key-alias=selfsigned_localhost_sslserver server.ssl.key-password=changeit server.ssl.key-store=classpath:ssl-server.jks server.ss

Spring Mvc和Spring Boot配置Tomcat支持Https

SpringBoot配置支持https spring boot因为是使用内置的tomcat,所以只需要一些简单的配置即可. 1.首先打开命令行工具,比如cmd,输入以下命令 keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650 2.然后在你的根目录下面会看到一个.p12的文件,如下图所示: 3.将它移到你的spring boot

Spring boot 配置https 实现java通过https接口访问

近来公司需要搭建一个https的服务器来调试接口(服务器用的spring boot框架),刚开始接触就是一顿百度,最后发现互联网认可的https安全链接的证书需要去CA认证机构申请,由于是调试阶段就采用了java的keytool工具来生成密钥文件,下面是生成密钥文件的指令和步骤(前提是需要配置好java 的环境变量). 1.首先打开cmd命令,操作如下: keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 20