Spring-boot-enable-ssl

Enable HTTPS in Spring Boot

This weekend I answered a question about enabling HTTPS in JHipster onstackoverflow that caught a lot of interest on Twitter so I decided to put a short post on it with some more useful details.

JHipster is a Spring Boot application with a lot of neat features and other frameworks completely integrated. The configuration is exactly the same like any other Spring Boot application, including the SSL settings. If you are interested to get a quick introduction on JHipster, feel free to take a look at my Start a modern Java web application with JHipster

If you are using Spring Boot and want to enable SSL (https) for your application on the embedded Tomcat there a few short steps you will need to take.

  1. Get yourself a SSL certificate: generate a self-signed certifcate or get one from a Certificate Authority
  2. Enable HTTPS in Spring Boot
  3. Redirect HTTP to HTTPS (optional)

Step 1: Get a SSL certificate

If you want to use SSL and serve your Spring Boot application over HTTPS you will need to get a certificate.

You have two options to get one. You can generate a self-signed certificate, which will most likely be what you’ll want to do in development since it’s the easiest option. This usually isn’t a good option in production since it will display a warning to the user that your certificate is not trusted.

The other (production) option is to request one from a Certificate Authority. I’ve heard good things about SSLMate to buy your certificate for a reasonable price with excellent support. There are some providers that are able to give out free certificates but usually you’ll have problems down the line if you have any issues or problems (revocations).

Since we are developers, let’s generate a self-signed certificate to get started quickly with development of our application. Every Java Runtime Environment (JRE) comes bundled with a certificate management utility,keytool. This can be used to generate our self-signed certificate. Let’s have a look:

keytool -genkey -alias tomcat
-storetype PKCS12 -keyalg RSA -keysize 2048
-keystore keystore.p12 -validity 3650
 
Enter keystore password: 
Re-enter new password:
What is your first and last name?
  [Unknown]: 
What is the name of your organizational unit?
  [Unknown]: 
What is the name of your organization?
  [Unknown]: 
What is the name of your City or Locality?
  [Unknown]: 
What is the name of your State or Province?
  [Unknown]: 
What is the two-letter country code for this unit?
  [Unknown]: 
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

This will generate a PKCS12 keystore called keystore.p12 with your newly generate certificate in it, with certificate alias tomcat. You will need to reference keystore in a minute when we start to configure Spring Boot.

Step 2: Enable HTTPS in Spring Boot

By default your Spring Boot embedded Tomcat container will have HTTP on port 8080 enabled. Spring Boot lets you configure HTTP or HTTPS in the application.properties, but not both at once. If you want to enable both you will need to configure at least one programmatically. The Spring Boot reference documentation recommends configuring HTTPS in the application.properties since it’s the more complicated than HTTP.

Using configuration like the example above means the application will no longer support plain HTTP connector at port 8080. Spring Boot doesn’t support the configuration of both an HTTP connector and an HTTPS connector via application.properties. If you want to have both then you’ll need to configure one of them programmatically. It’s recommended to useapplication.properties to configure HTTPS as the HTTP connector is the easier of the two to configure programmatically. See the spring-boot-sample-tomcat-multi-connectors sample project for an example.

Funny enough despite their recommendation to configure HTTPS in the application.properties, their example does the exact opposite.

Let’s configure HTTPS in the default application.properties file undersrc/main/resources of your Spring Boot application:

server.port: 8443
server.ssl.key-store: keystore.p12
server.ssl.key-store-password: mypassword
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat

That’s all you need to do to make your application accessible over HTTPS on https://localhost:8443, pretty easy right?

Step 3: Redirect HTTP to HTTPS (optional)

In some cases it might be a good idea to make your application accessible over HTTP too, but redirect all traffic to HTTPS.
To achieve this we’ll need to add a second Tomcat connector, but currently it is not possible to configure two connector in the application.properties like mentioned before. Because of this we’ll add the HTTP connector programmatically and make sure it redirects all traffic to our HTTPS connector.

For this we will need to add theTomcatEmbeddedServletContainerFactory bean to one of our@Configuration classes.

That’s all you need to do to make sure your application is always used over HTTPS!

Enable HTTPS in Spring Boot的更多相关文章

  1. Spring Boot Admin Reference Guide

    1. What is Spring Boot Admin? Spring Boot Admin is a simple application to manage and monitor your S ...

  2. 区块链使用Java,以太坊 Ethereum, web3j, Spring Boot

    Blockchain is one of the buzzwords in IT world during some last months. This term is related to cryp ...

  3. Spring Boot Cookbook 中文笔记

    Spring Boot Cookbook 一.Spring Boot 入门 Spring Boot的自动配置.Command-line Runner RESTful by Spring Boot wi ...

  4. 《Spring Boot Cook Book》阅读笔记

    最近一个月一直在学习Spring Boot框架,在阅读<Spring Boot Cook Book>一书的过程中,记录了一些学习笔记,在这里整理出一篇目录供大家参考. 一.Spring B ...

  5. Spring Boot Admin 的使用 2

    http://blog.csdn.net/kinginblue/article/details/52132113 ******************************************* ...

  6. Spring Boot 支持 HTTPS 如此简单,So easy!

    这里讲的是 Spring Boot 内嵌式 Server 打 jar 包运行的方式,打 WAR 包部署的就不存在要 Spring Boot 支持 HTTPS 了,需要去外部对应的 Server 配置. ...

  7. Spring Boot 支持 HTTPS 如此简单,So easy!

    这里讲的是 Spring Boot 内嵌式 Server 打 jar 包运行的方式,打 WAR 包部署的就不存在要 Spring Boot 支持 HTTPS 了,需要去外部对应的 Server 配置. ...

  8. Spring Boot @Enable*注解源码解析及自定义@Enable*

      Spring Boot 一个重要的特点就是自动配置,约定大于配置,几乎所有组件使用其本身约定好的默认配置就可以使用,大大减轻配置的麻烦.其实现自动配置一个方式就是使用@Enable*注解,见其名知 ...

  9. 在Spring Boot中使用Https

    本文介绍如何在Spring Boot中,使用Https提供服务,并将Http请求自动重定向到Https. Https证书 巧妇难为无米之炊,开始的开始,要先取得Https证书.你可以向证书机构申请证书 ...

随机推荐

  1. jdbc三种常见用法

    import java.sql.Connection; import java.sql.DriverManager; import java.sql.ResultSet; import java.sq ...

  2. FZU 2105-Digits Count(线段树延时标记)

    题意: 每次操作区间每个数进行一种(&或|.或^ )给定的一个数,到sum时统计给定区间的和. 分析: 这个题让我觉得我的思维很不活跃,对懒惰标记理解,还远远不够,通过这道题我对懒惰标记加深了 ...

  3. 【整理】C++虚函数及其继承、虚继承类大小

    参考文章: http://blog.chinaunix.net/uid-25132162-id-1564955.html http://blog.csdn.net/haoel/article/deta ...

  4. NOIP2005 谁拿了最多奖学金

    1谁拿了最多奖学金 (scholar.pas/c/cpp) [问题描述] 某校的惯例是在每学期的期末考试之后发放奖学金.发放的奖学金共有五种,获取的条件各自不同: 1)     院士奖学金,每人800 ...

  5. Magento 切换成中文后没有数据信息解决办法

    进入后台的, 选择CMS---pages, 看到这个么? 如果这里显示的不是所有商店界面的话, 就点击进去,然后选择所有商店界面: 如下所示: 再点击保存就可以了.

  6. SQL Server Cpu 100% 的常见原因及优化

    SQL Server Cpu 100% 的情况并不太常见,一般引起 SQL Server 产生性能问题的,都是 阻塞.连接数.IO 磁盘等.所以,一般SQL Server 的使用率都是比较低的.但是, ...

  7. POJ 2749--Building roads(2-SAT)

    题意:John有n个牛棚,每个牛棚都住着一些牛,这些牛喜欢串门(drop around, 学到了...),所以John想要建几条路把他们连接起来.他选择的方法是建两个相连中转站,然后每个牛棚连接其中一 ...

  8. Delphi外挂开发网站

    http://cheatengine.org/http://wenku.baidu.com/view/2d5de818964bcf84b9d57b15.html   [delphi外G]http:// ...

  9. 射频识别技术漫谈(12)——三次相互认证【worldsing笔记】

    射频识别系统中由于卡片和读写器并不是固定连接为一个不可分割的整体,二者在进行数据通讯前如何确信对方的合法身份就变得非常重要.根据安全级别的要求不同,有的系统不需认证对方的身份,例如大多数的TTF模式的 ...

  10. 背景透明文字不透明的最佳方法兼容IE(以背景黑色透明度0.5为例)

    以背景黑色,透明度0.5举例为大家详细介绍下关于背景透明,文字不透明的最佳方法同时兼容IE,具体实现如下,感兴趣的朋友可以参考下哈希望对大家有所帮助 以背景黑色,透明度0.5举例 非IE:backgr ...