springboot整合https
时间: 2023-09-12 10:06:25 浏览: 54
要在Spring Boot中实现HTTPS,你需要做以下几个步骤:
1. 生成SSL证书:首先,你需要生成一个SSL证书,用于加密和验证HTTPS连接。你可以使用工具如OpenSSL来生成自签名证书,或者购买一个由公共CA(Certificate Authority)签名的证书。
2. 配置Spring Boot应用程序:在Spring Boot应用程序的配置文件中,你需要指定HTTPS相关的配置。这包括端口号、SSL证书和密钥的位置等信息。
```properties
server.port=8443
server.ssl.key-store-type=JKS
server.ssl.key-store=classpath:keystore.jks
server.ssl.key-store-password=password
server.ssl.key-alias=myapp
```
你可以根据自己的证书和密码进行配置。
3. 启用HTTPS支持:在Spring Boot应用程序的入口类上添加`@EnableWebSecurity`和`@Configuration`注解,创建一个配置类来启用HTTPS支持。
```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.HttpHeaders;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.header.HeaderWriterFilter;
import org.springframework.security.web.header.writers.StaticHeadersWriter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.StreamUtils;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletResponse;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${server.ssl.key-store-password}")
private String keyStorePassword;
@Value("${server.ssl.key-alias}")
private String keyAlias;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requiresChannel().anyRequest().requiresSecure();
http.csrf().disable();
http.headers().addHeaderWriter(
new StaticHeadersWriter(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS,
"authorization,cache-control,content-type"));
http.headers().addHeaderWriter(
new StaticHeadersWriter(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS,
"GET,HEAD,POST,PUT,DELETE,OPTIONS"));
http.headers().addHeaderWriter(
new StaticHeadersWriter(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*"));
http.headers().addHeaderWriter(
new StaticHeadersWriter(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "1800"));
http.addFilterAfter(new CustomFilter(), HeaderWriterFilter.class);
}
private Filter customFilter() {
return new CustomFilter();
}
private class CustomFilter extends UsernamePasswordAuthenticationFilter {
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
throws IOException, ServletException {
// Your custom logic here
}
}
}
```
这个配置类将启用HTTPS,并配置了一些安全相关的设置,如禁用CSRF保护、允许跨域请求等。
4. 运行应用程序:启动Spring Boot应用程序,并通过HTTPS访问应用程序的URL,例如`https://localhost:8443`。
这样,你的Spring Boot应用程序就会通过HTTPS进行安全的通信了。请注意,为了使SSL证书生效,你需要将证书文件(例如`keystore.jks`)放置在类路径下,或者在配置文件中指定正确的证书路径。
希望这些步骤对你有帮助!如果有任何疑问,请随时提问。