启用HTTPS
<代码> server.port=8443 server.ssl.key-store=类路径:keystore.jks server.ssl.key-store-password=秘密 server.ssl.key-password=另一个秘密代码
管理服务器可以使用不同的端口,不使用HTTPS:
<代码> server.port=8443 server.ssl.enabled=true server.ssl.key-store=类路径:store.jks server.ssl.key-password=秘密 management.server.port=8080 management.server.ssl.enabled=false
管理服务器也可以使用不同的密钥存储库:
<代码> server.port=8443 server.ssl.enabled=true server.ssl.key-store=类路径:main.jks server.ssl.key-password=秘密 management.server.port=8080 management.server.ssl.enabled=true management.server.ssl.key-store=类路径:management.jks management.server.ssl.key-password=秘密
通过配置application.properties不支持同时启用HTTP和HTTPS,如要两者同时启用,推荐在配置文件中配置HTTPS,在程序中增加HTTP支持:
<代码>进口org.apache.catalina.connector.Connector;
进口org.springframework.boot.SpringApplication;
进口org.springframework.boot.autoconfigure.SpringBootApplication;
进口org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
进口org.springframework.boot.web.servlet.server.ServletWebServerFactory;
进口org.springframework.context.annotation.Bean;/* *
*示例应用程序展示Tomcat运行两个连接器。
*
* @author布鲁克米尔斯
* @author安迪·威尔金森
*/@SpringBootApplication
公开课SampleTomcatTwoConnectorsApplication {
@ bean
公共ServletWebServerFactory servletContainer () {
TomcatServletWebServerFactory tomcat=new TomcatServletWebServerFactory ();
tomcat.addAdditionalTomcatConnectors (createStandardConnector ());
返回tomcat;
}
私人连接器createStandardConnector () {
连接器连接器=new连接器(“org.apache.coyote.http11.Http11NioProtocol”);
connector.setPort (0);
返回连接器;
}
公共静态void main (String [] args) {
SpringApplication.run (SampleTomcatTwoConnectorsApplication.class, args);
}
}
使用keytool生成证书:
<代码> keytool -genkeypair别名itrunner -keyalg RSA -dname“cn=www.itrunner.org, ou=itrunner, o=itrunner, c=cn”有效性365 keystore keystore。jks对于storepass秘密-storetype pkcs12
调用HTTPS休息服务
在调用HTTPS休息服务时需要配置受信证书,可使用keytool导入证书,生成信任存储区文件:
<代码> keytool进口别名“我的服务器证书”——文件服务器。crt keystore my.truststore
Java默认受信证书存储在$ {JAVA_HOME}/jre/lib/安全/cacerts内,初始密码为“changeit",可使用keytool查看:
<代码> keytool附些keystore cacerts - v
也可自定义信任策略(TrustStrategy),忽略标准的信任验证流程。下面分别示例使用Spring创建RestTemplate和jax - rs调用HTTPS休息服务,忽略验证证书和主机名。
创建RestTemplate
<代码>进口org.apache.http.client.HttpClient;
进口org.apache.http.conn.ssl.NoopHostnameVerifier;
进口org.apache.http.conn.ssl.SSLConnectionSocketFactory;
进口org.apache.http.impl.client.HttpClientBuilder;
进口org.apache.http.ssl.SSLContextBuilder;
进口org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
进口org.springframework.web.client.RestTemplate;
进口javax.net.ssl.SSLContext;
进口java.security.cert.X509Certificate;
公开课HttpsRest {
公共静态void main (String [] args){抛出异常
SSLContext SSLContext=SSLContextBuilder.create ()。loadTrustMaterial (null (X509Certificate [] X509Certificate字符串s)→真的).build ();
SSLConnectionSocketFactory sslSocketFactory=new SSLConnectionSocketFactory (sslContext新String [] {“SSLv3”、“TLSv1”,“TLSv1.2”}, null, NoopHostnameVerifier.INSTANCE);
HttpClient HttpClient=HttpClientBuilder.create () .setSSLSocketFactory (sslSocketFactory) .build ();
HttpComponentsClientHttpRequestFactory requestFactory=new HttpComponentsClientHttpRequestFactory ();
requestFactory.setHttpClient (httpClient);
创建RestTemplate创建RestTemplate=new创建RestTemplate (requestFactory);
创建restTemplate。postForObject (url请求,responseType);
}
}
jax - rs
如使用Jboss服务器,配置如下依赖:
