springboot http转https

一、安全证书的生成
可以使用jdk自带的证书生成工具，jdk自带一个叫keytool的证书管理工具，可以用它来实现签名的证书。

1、进入cmd命令控制终端

2、生成一个证书
别名：alias = tomcat
密码：keypass = 123456
生成位置：keystore = D:/keys
keys文件夹需要自己先创建好
cmd命令:

keytool -genkey -alias tomcat -keypass 123456 -keyalg RSA -keysize 1024 -validity 365 -keystore D:/keys/tomcat.keystore -storepass 123456

3、获取tomcat.keystore文件，放入项目根目录下面

二，配置yml文件

server:
port: 8443
ssl:
key-store: server.keystore
key-alias: tomcat
enabled: true
key-store-type: JKS
key-store-password: 123456

三、springbootApplication启动类配置

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
@SpringBootApplication
public class WeijingApplication {
public static void main(String[] args) {
SpringApplication.run(WeijingApplication.class, args);
}
@Bean
public ServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint(“CONFIDENTIAL”);
SecurityCollection collection = new SecurityCollection();
collection.addPattern(“/*”);
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(redirectConnector());
return tomcat;
}
private Connector redirectConnector() {
Connector connector = new Connector(“org.apache.coyote.http11.Http11NioProtocol”);
connector.setScheme(“http”);
connector.setPort(8080);
connector.setSecure(false);
connector.setRedirectPort(8443);
return connector;
}

启动成功

另外：springboot2.xx版本以上可以用上面的方法如果2.xx以下的就要换成

EmbeddedServletContainerFactory

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
@SpringBootApplication
public class WeijingApplication {
public static void main(String[] args) {
SpringApplication.run(WeijingApplication.class, args);
}
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint constraint = new SecurityConstraint();
constraint.setUserConstraint(“CONFIDENTIAL”);
SecurityCollection collection = new SecurityCollection();
collection.addPattern(“/*”);
constraint.addCollection(collection);
context.addConstraint(constraint);
}
};
tomcat.addAdditionalTomcatConnectors(httpConnector());
return tomcat;
}
@Bean
public Connector httpConnector() {
Connector connector = new Connector(“org.apache.coyote.http11.Http11NioProtocol”);
connector.setScheme(“http”);
//Connector监听的http的端口号
connector.setPort(8080);
connector.setSecure(false);
//监听到http的端口号后转向到的https的端口号
connector.setRedirectPort(8443);
return connector;
}