diff --git a/demo-https/.gitignore b/demo-https/.gitignore deleted file mode 100644 index a2a3040..0000000 --- a/demo-https/.gitignore +++ /dev/null @@ -1,31 +0,0 @@ -HELP.md -target/ -!.mvn/wrapper/maven-wrapper.jar -!**/src/main/** -!**/src/test/** - -### STS ### -.apt_generated -.classpath -.factorypath -.project -.settings -.springBeans -.sts4-cache - -### IntelliJ IDEA ### -.idea -*.iws -*.iml -*.ipr - -### NetBeans ### -/nbproject/private/ -/nbbuild/ -/dist/ -/nbdist/ -/.nb-gradle/ -build/ - -### VS Code ### -.vscode/ diff --git a/demo-https/README.md b/demo-https/README.md deleted file mode 100644 index 042cb6f..0000000 --- a/demo-https/README.md +++ /dev/null @@ -1,110 +0,0 @@ -# spring-boot-demo-https - -> 此 demo 主要演示了 Spring Boot 如何集成 https - -## 1. 生成证书 - -首先使用 jdk 自带的 keytool 命令生成证书复制到项目的 `resources` 目录下(生成的证书一般在用户目录下 C:\Users\Administrator\server.keystore) - -> 自己生成的证书浏览器会有危险提示,去ssl网站上使用金钱申请则不会 - -![ssl 命令截图](ssl.png) - -## 2. 添加配置 - -1. 在配置文件配置生成的证书 - -```yaml -server: - ssl: - # 证书路径 - key-store: classpath:server.keystore - key-alias: tomcat - enabled: true - key-store-type: JKS - #与申请时输入一致 - key-store-password: 123456 - # 浏览器默认端口 和 80 类似 - port: 443 -``` - -2. 配置 Tomcat - -```java -/** - *

- * HTTPS 配置类 - *

- * - * @author yangkai.shen - * @date Created in 2020-01-19 10:31 - */ -@Configuration -public class HttpsConfig { - /** - * 配置 http(80) -> 强制跳转到 https(443) - */ - @Bean - public Connector connector() { - Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); - connector.setScheme("http"); - connector.setPort(80); - connector.setSecure(false); - connector.setRedirectPort(443); - return connector; - } - - @Bean - public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) { - TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() { - @Override - protected void postProcessContext(Context context) { - SecurityConstraint securityConstraint = new SecurityConstraint(); - securityConstraint.setUserConstraint("CONFIDENTIAL"); - SecurityCollection collection = new SecurityCollection(); - collection.addPattern("/*"); - securityConstraint.addCollection(collection); - context.addConstraint(securityConstraint); - } - }; - tomcat.addAdditionalTomcatConnectors(connector); - return tomcat; - } -} -``` - -## 3. 测试 - -启动项目,浏览器访问 http://localhost 将自动跳转到 https://localhost - -## 4. 参考 - -- `keytool`命令参考 - -```bash -$ keytool --help -密钥和证书管理工具 - -命令: - - -certreq 生成证书请求 - -changealias 更改条目的别名 - -delete 删除条目 - -exportcert 导出证书 - -genkeypair 生成密钥对 - -genseckey 生成密钥 - -gencert 根据证书请求生成证书 - -importcert 导入证书或证书链 - -importpass 导入口令 - -importkeystore 从其他密钥库导入一个或所有条目 - -keypasswd 更改条目的密钥口令 - -list 列出密钥库中的条目 - -printcert 打印证书内容 - -printcertreq 打印证书请求的内容 - -printcrl 打印 CRL 文件的内容 - -storepasswd 更改密钥库的存储口令 - -使用 "keytool -command_name -help" 获取 command_name 的用法 -``` - -- [Java Keytool工具简介](https://blog.csdn.net/liumiaocn/article/details/61921014) diff --git a/demo-https/src/main/resources/application.yml b/demo-https/src/main/resources/application.yml deleted file mode 100644 index 21ad6fc..0000000 --- a/demo-https/src/main/resources/application.yml +++ /dev/null 
@@ -1,11 +0,0 @@
-server:
- ssl:
- # 证书路径
- key-store: classpath:server.keystore
- key-alias: tomcat
- enabled: true
- key-store-type: JKS
- #与申请时输入一致
- key-store-password: 123456
- # 浏览器默认端口 和 80 类似
- port: 443
diff --git a/demo-https/src/main/resources/server.keystore b/demo-https/src/main/resources/server.keystore
deleted file mode 100644
index a6b59ff..0000000
Binary files a/demo-https/src/main/resources/server.keystore and /dev/null differ
diff --git a/demo-https/ssl.png b/demo-https/ssl.png
deleted file mode 100644
index 6961426..0000000
Binary files a/demo-https/ssl.png and /dev/null differ
diff --git a/demo-others/demo-others-https/README.md b/demo-others/demo-others-https/README.md
new file mode 100644
index 0000000..40e1c21
--- /dev/null
+++ b/demo-others/demo-others-https/README.md
@@ -0,0 +1,148 @@ +## spring-boot-demo-https + +> 此 demo 主要演示了 Spring Boot 如何集成 https + +### 1.开发步骤 +#### 1.1.添加依赖 + +```xml + + + org.springframework.boot + spring-boot-starter-web + + + + org.springframework.boot + spring-boot-starter-test + test + + +``` + +#### 1.2.生成证书 + +首先使用 jdk 自带的 keytool 命令生成证书复制到项目的 `resources` 目录下 + +```bash +$ keytool -genkey -alias spring-boot-demo -keyalg RSA -validity 3650 -keystore ./spring-boot-demo.key +输入密钥库口令: +您的名字与姓氏是什么? + [Unknown]: xkcoding +您的组织单位名称是什么? + [Unknown]: spring-boot-demo +您的组织名称是什么? + [Unknown]: spring-boot-demo +您所在的城市或区域名称是什么? + [Unknown]: Hangzhou +您所在的省/市/自治区名称是什么? + [Unknown]: Zhejiang +该单位的双字母国家/地区代码是什么? + [Unknown]: CN +CN=xkcoding, OU=spring-boot-demo, O=spring-boot-demo, L=Hangzhou, ST=Zhejiang, C=CN是否正确? + [否]: y + +正在为以下对象生成 2,048 位RSA密钥对和自签名证书 (SHA256withRSA) (有效期为 3,650 天): + CN=xkcoding, OU=spring-boot-demo, O=spring-boot-demo, L=Hangzhou, ST=Zhejiang, C=CN +``` + +#### 1.3.添加配置 + +1. 在配置文件配置生成的证书 + +```yaml +server: + ssl: + # 证书路径 + key-store: classpath:spring-boot-demo.key + key-alias: spring-boot-demo + enabled: true + key-store-type: JKS + # 与申请时输入一致 + key-store-password: 123456 + # 浏览器默认端口 和 80 类似 + port: 8443 + servlet: + context-path: /demo + +``` + +2. 
配置 Tomcat + +```java +@Configuration +public class HttpsConfig { + /** + * 配置 http(80) -> 强制跳转到 https(443) + */ + @Bean + public Connector connector() { + Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); + connector.setScheme("http"); + connector.setPort(8080); + connector.setSecure(false); + connector.setRedirectPort(8443); + return connector; + } + + @Bean + public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) { + TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() { + @Override + protected void postProcessContext(Context context) { + SecurityConstraint securityConstraint = new SecurityConstraint(); + securityConstraint.setUserConstraint("CONFIDENTIAL"); + SecurityCollection collection = new SecurityCollection(); + collection.addPattern("/*"); + securityConstraint.addCollection(collection); + context.addConstraint(securityConstraint); + } + }; + tomcat.addAdditionalTomcatConnectors(connector); + return tomcat; + } +} +``` + +### 2.测试 + +启动 `HttpsApplication`,浏览器访问 `http://localhost:8080/demo/` 将自动跳转到 `https://localhost:8443/demo/` ,同时浏览器地址栏前面还会加一把小锁的标志,代表https已经生效。 + +> 注意: +> 1. 自己生成的证书浏览器会有危险提示,去ssl网站上使用金钱申请则不会 +> 2. Chrome 浏览器会因为证书不可信导致无法访问,因此测试请使用 FireFox 浏览器 + +### 3.参考 + +- `keytool`命令参考 + +```bash +$ keytool --help +密钥和证书管理工具 + +命令: + + -certreq 生成证书请求 + -changealias 更改条目的别名 + -delete 删除条目 + -exportcert 导出证书 + -genkeypair 生成密钥对 + -genseckey 生成密钥 + -gencert 根据证书请求生成证书 + -importcert 导入证书或证书链 + -importpass 导入口令 + -importkeystore 从其他密钥库导入一个或所有条目 + -keypasswd 更改条目的密钥口令 + -list 列出密钥库中的条目 + -printcert 打印证书内容 + -printcertreq 打印证书请求的内容 + -printcrl 打印 CRL 文件的内容 + -storepasswd 更改密钥库的存储口令 + -showinfo 显示安全相关信息 + +使用 "keytool -?, -h, or --help" 可输出此帮助消息 +使用 "keytool -command_name --help" 可获取 command_name 的用法。 +使用 -conf 选项可指定预配置的选项文件。 +``` + +- [Java Keytool工具简介](https://blog.csdn.net/liumiaocn/article/details/61921014) 
diff --git a/demo-https/pom.xml b/demo-others/demo-others-https/pom.xml similarity index 78% rename from demo-https/pom.xml rename to demo-others/demo-others-https/pom.xml index c603394..dfb3519 100644 --- a/demo-https/pom.xml +++ b/demo-others/demo-others-https/pom.xml @@ -1,23 +1,21 @@ - 4.0.0 - - demo-https - 0.0.1-SNAPSHOT - demo-https - Demo project for Spring Boot - com.xkcoding - spring-boot-demo + demo-others 1.0.0-SNAPSHOT + 4.0.0 + + demo-others-https + 0.0.1-SNAPSHOT + demo-others-https + Demo project for Spring Boot + - UTF-8 - UTF-8 - 1.8 + 17 @@ -25,6 +23,7 @@ org.springframework.boot spring-boot-starter-web + org.springframework.boot spring-boot-starter-test @@ -33,6 +32,7 @@ + demo-others-https org.springframework.boot diff --git a/demo-https/src/main/java/com/xkcoding/https/SpringBootDemoHttpsApplication.java b/demo-others/demo-others-https/src/main/java/com/xkcoding/https/HttpsApplication.java similarity index 72% rename from demo-https/src/main/java/com/xkcoding/https/SpringBootDemoHttpsApplication.java rename to demo-others/demo-others-https/src/main/java/com/xkcoding/https/HttpsApplication.java index 2f7dd0a..41695fd 100644 --- a/demo-https/src/main/java/com/xkcoding/https/SpringBootDemoHttpsApplication.java +++ b/demo-others/demo-others-https/src/main/java/com/xkcoding/https/HttpsApplication.java @@ -12,10 +12,10 @@ import org.springframework.boot.autoconfigure.SpringBootApplication; * @date Created in 2020-01-12 10:31 */ @SpringBootApplication -public class SpringBootDemoHttpsApplication { +public class HttpsApplication { public static void main(String[] args) { - SpringApplication.run(SpringBootDemoHttpsApplication.class, args); + SpringApplication.run(HttpsApplication.class, args); } } 
diff --git a/demo-https/src/main/java/com/xkcoding/https/config/HttpsConfig.java b/demo-others/demo-others-https/src/main/java/com/xkcoding/https/config/HttpsConfig.java
similarity index 95%
rename from demo-https/src/main/java/com/xkcoding/https/config/HttpsConfig.java
rename to demo-others/demo-others-https/src/main/java/com/xkcoding/https/config/HttpsConfig.java
index 239227a..c883d8d 100644
--- a/demo-https/src/main/java/com/xkcoding/https/config/HttpsConfig.java
+++ b/demo-others/demo-others-https/src/main/java/com/xkcoding/https/config/HttpsConfig.java
@@ -25,9 +25,9 @@ public class HttpsConfig {
 public Connector connector() {
 Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
 connector.setScheme("http");
- connector.setPort(80);
+ connector.setPort(8080);
 connector.setSecure(false);
- connector.setRedirectPort(443);
+ connector.setRedirectPort(8443);
 return connector;
 }
diff --git a/demo-others/demo-others-https/src/main/resources/application.yml b/demo-others/demo-others-https/src/main/resources/application.yml
new file mode 100644
index 0000000..ec25d00
--- /dev/null
+++ b/demo-others/demo-others-https/src/main/resources/application.yml
@@ -0,0 +1,13 @@
+server:
+ ssl:
+ # 证书路径
+ key-store: classpath:spring-boot-demo.key
+ key-alias: spring-boot-demo
+ enabled: true
+ key-store-type: JKS
+ # 与申请时输入一致
+ key-store-password: 123456
+ # 浏览器默认端口 和 80 类似
+ port: 8443
+ servlet:
+ context-path: /demo
diff --git a/demo-others/demo-others-https/src/main/resources/spring-boot-demo.key b/demo-others/demo-others-https/src/main/resources/spring-boot-demo.key
new file mode 100644
index 0000000..1b4f359
Binary files /dev/null and b/demo-others/demo-others-https/src/main/resources/spring-boot-demo.key differ
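Review bot: The redirect target in `connector.setRedirectPort(8443);` is a second hard-coded copy of `server.port` from application.yml, so changing one without the other sends the CONFIDENTIAL redirect to a port the HTTPS listener is not on. Binding it from configuration keeps the two in step, e.g. a field `@Value("${server.port}") private int httpsPort;` used as `connector.setRedirectPort(httpsPort);`. The Javadoc on `connector()` sits above this hunk and is not visible here; the README copy added in this commit still reads `http(80) -> 强制跳转到 https(443)`, so the source comment presumably needs the same update to 8080/8443. The class body continues outside the hunk.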
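Review bot: `key-store-password: 123456` is committed in plaintext in the same commit that adds the keystore binary `spring-boot-demo.key`, so the private key is effectively public to anyone who can read the repository. For a demo that is tolerable only if the file says so; I would add a comment above the password such as `# demo-only self-signed key pair; never reuse this keystore or password`. Anything copied from this into a real service should take the password from the environment, for example `key-store-password: ${KEYSTORE_PASSWORD}` (placeholder variable name), and keep the keystore out of version control. The comment `# 浏览器默认端口 和 80 类似` above `port: 8443` is carried over from the 443 version and no longer describes the value.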
diff --git a/demo-https/src/main/resources/static/index.html b/demo-others/demo-others-https/src/main/resources/static/index.html similarity index 61% rename from demo-https/src/main/resources/static/index.html rename to demo-others/demo-others-https/src/main/resources/static/index.html index 933c73e..c73de3b 100644 --- a/demo-https/src/main/resources/static/index.html +++ b/demo-others/demo-others-https/src/main/resources/static/index.html @@ -1,8 +1,8 @@ - - spring boot demo https + + spring boot demo https

diff --git a/demo-https/src/test/java/com/xkcoding/https/SpringBootDemoHttpsApplicationTests.java b/demo-others/demo-others-https/src/test/java/com/xkcoding/https/HttpsApplicationTests.java similarity index 69% rename from demo-https/src/test/java/com/xkcoding/https/SpringBootDemoHttpsApplicationTests.java rename to demo-others/demo-others-https/src/test/java/com/xkcoding/https/HttpsApplicationTests.java index b8b343e..aee47fb 100644 --- a/demo-https/src/test/java/com/xkcoding/https/SpringBootDemoHttpsApplicationTests.java +++ b/demo-others/demo-others-https/src/test/java/com/xkcoding/https/HttpsApplicationTests.java @@ -1,10 +1,10 @@ package com.xkcoding.https; -import org.junit.Test; +import org.junit.jupiter.api.Test; import org.springframework.boot.test.context.SpringBootTest; @SpringBootTest -class SpringBootDemoHttpsApplicationTests { +class HttpsApplicationTests { @Test void contextLoads() { diff --git a/demo-others/pom.xml b/demo-others/pom.xml index 63c4e35..dd4660a 100644 --- a/demo-others/pom.xml +++ b/demo-others/pom.xml @@ -18,4 +18,8 @@ 17 + + demo-others-https + + diff --git a/pom.xml b/pom.xml index e0059ad..c0fa61a 100644 --- a/pom.xml +++ b/pom.xml @@ -81,7 +81,6 @@ -