Is it so hard for Spring Boot to support HTTPS?

Time:2019-8-13

HTTPS is becoming more and more popular, and when developing mini programs or official accounts it is basically a must.

However, HTTPS certificates are expensive, so individual developers can apply for a free certificate from various cloud service providers. I have the impression that the validity period is one year and that you can apply for 20.

Today I want to talk about how to turn on HTTPS in a Spring Boot project to protect our interfaces.

Introduction to HTTPS

Let’s first look at what HTTPS is, according to Wikipedia:

HyperText Transfer Protocol Secure (HTTPS), commonly known as HTTP over TLS, HTTP over SSL or HTTP Secure, is a transmission protocol for secure communication through computer networks. HTTPS communicates via HTTP, but encrypts data packets using SSL/TLS. The main purpose of HTTPS development is to provide identity authentication for web servers and protect the privacy and integrity of data exchanged. The protocol was first proposed by Netscape in 1994 and then extended to the Internet.

Historically, HTTPS connections have often been used for transaction payments on the Internet and for the transmission of sensitive information in enterprise information systems. From the late 2000’s to the early 2010’s, HTTPS began to be widely used to ensure the authenticity of various types of web pages, protect accounts and maintain the privacy of user communications, identity and web browsing.

In addition, there is the Secure Hypertext Transfer Protocol (S-HTTP), which is also an implementation of secure HTTP transmission. However, HTTPS was so widely adopted that it became the de facto implementation of secure HTTP transmission, and S-HTTP has not been widely supported.

Preparation

First of all, we need an HTTPS certificate. We can apply for a free one from various cloud service providers, but that is not necessary for our own experiments. We can generate a free, self-signed HTTPS certificate directly with keytool, the key management tool that ships with the JDK.

Go to the %JAVA_HOME%\bin directory and execute the following command to generate a digital certificate:

keytool -genkey -alias tomcathttps -keyalg RSA -keysize 2048  -keystore D:\javaboy.p12 -validity 365

The options in this command mean the following:

  • -genkey indicates that a new key is to be created.
  • -alias is the alias of the key within the keystore.
  • -keyalg specifies the algorithm used, here RSA, an asymmetric encryption algorithm.
  • -keysize is the length of the key.
  • -keystore is the location where the generated keystore is saved.
  • -validity is the validity period of the key, in days.

The generation process looks like this:

[Screenshot: the keytool generation process]

When the command has finished, we will see a file named javaboy.p12 on the D: drive, as follows:

[Screenshot: javaboy.p12 on the D: drive]

With this file, our preparation is complete.

Introducing HTTPS

Next we need to introduce HTTPS into the project.

Copy the javaboy.p12 file generated above into the resources directory of the Spring Boot project. Then add the following configuration to application.properties:

server.ssl.key-store=classpath:javaboy.p12
server.ssl.key-alias=tomcathttps
server.ssl.key-store-password=111111

Where:

  • key-store is the name of the keystore file.
  • key-alias is the key alias.
  • key-store-password is the password entered while running the keytool command.
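
A pre-deployment check for the keystore these three properties point at, as an added example (not code from the original post): it loads the file, confirms that the alias holds a private key, and reports the certificate's remaining validity, RSA key length and whether it is self-signed. The class name KeystoreCheck and the KEYSTORE_PASSWORD environment variable are assumptions made for this example.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.time.Duration;
import java.time.Instant;

// Added example (not from the original post). Needs Java 11+ to be launched as
// a single source file; KeyStore.getInstance(File, char[]) itself is Java 9+.
// Run: java KeystoreCheck.java D:\javaboy.p12 tomcathttps
// KEYSTORE_PASSWORD is an assumed environment variable holding the store password.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        String pw = System.getenv("KEYSTORE_PASSWORD");
        if (args.length != 2 || pw == null) {
            fail("set KEYSTORE_PASSWORD and pass <keystore> <alias>");
        }
        char[] password = pw.toCharArray();

        // Detects JKS vs PKCS12 from the file content, not from the ".p12" name.
        // A wrong password or a corrupt file throws IOException here.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), password);
        System.out.println("store type : " + ks.getType());

        // server.ssl.key-alias must name a private-key entry, not a bare certificate.
        if (!ks.isKeyEntry(args[1])) {
            fail("alias '" + args[1] + "' is missing or has no private key");
        }
        // Throws UnrecoverableKeyException if the key password differs from the store's.
        ks.getKey(args[1], password);

        X509Certificate cert = (X509Certificate) ks.getCertificate(args[1]);
        cert.checkValidity(); // throws if expired or not yet valid
        long daysLeft = Duration.between(Instant.now(), cert.getNotAfter().toInstant()).toDays();
        System.out.println("subject    : " + cert.getSubjectX500Principal().getName());
        System.out.println("days left  : " + daysLeft);

        if (cert.getPublicKey() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
            System.out.println("RSA bits   : " + bits);
            if (bits < 2048) fail("RSA key shorter than 2048 bits");
        }
        // A certificate produced by keytool -genkey has identical subject and issuer.
        if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            System.out.println("WARNING    : self-signed, browsers will not trust it");
        }
    }

    private static void fail(String message) {
        System.err.println("FAIL: " + message);
        System.exit(1);
    }
}
```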

When the configuration is complete, the Spring Boot project can be started. If we access the interface directly over HTTP, we will see the following error:

[Screenshot: error when accessing over HTTP]

If we access it over HTTPS instead, the result is as follows:

[Screenshot: browser warning when accessing over HTTPS]

This is because the HTTPS certificate we generated ourselves is not recognized by the browser. That does not matter here; we just click to continue (in a real project, we only need to replace it with an HTTPS certificate that browsers trust).

Request forwarding

Spring Boot does not support enabling HTTP and HTTPS at the same time through application.properties. To solve this problem, we can configure request forwarding, which automatically redirects to HTTPS when the user makes an HTTP call.

The specific configuration is as follows:

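import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class TomcatConfig {
    @Bean
    TomcatServletWebServerFactory tomcatServletWebServerFactory() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // CONFIDENTIAL makes Tomcat require a secure transport for the
                // matched URLs, so plain HTTP requests are redirected.
                SecurityConstraint constraint = new SecurityConstraint();
                constraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*"); // apply to every path
                constraint.addCollection(collection);
                context.addConstraint(constraint);
            }
        };
        // Add a second, plain-HTTP connector next to the HTTPS one.
        factory.addAdditionalTomcatConnectors(createTomcatConnector());
        return factory;
    }

    private Connector createTomcatConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8081);         // HTTP listens here
        connector.setSecure(false);
        connector.setRedirectPort(8080); // HTTPS port to redirect to
        return connector;
    }
}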

Here, we configure the HTTP port as 8081, and every request arriving on 8081 is automatically redirected to the HTTPS port, 8080.

After that, when we make an HTTP request, we are automatically redirected to HTTPS.

Epilogue

It's really convenient to add HTTPS to Spring Boot. If you use nginx or Tomcat, HTTPS is also very convenient to configure. After you apply for an HTTPS certificate from a cloud service provider, the provider will have a detailed official configuration tutorial. Generally, following it will not go wrong.
