Spring-boot-enable-ssl

Enable HTTPS in Spring Boot

This weekend I answered a question about enabling HTTPS in JHipster onstackoverflow that caught a lot of interest on Twitter so I decided to put a short post on it with some more useful details.

JHipster is a Spring Boot application with a lot of neat features and other frameworks completely integrated. The configuration is exactly the same like any other Spring Boot application, including the SSL settings. If you are interested to get a quick introduction on JHipster, feel free to take a look at my Start a modern Java web application with JHipster

If you are using Spring Boot and want to enable SSL (https) for your application on the embedded Tomcat there a few short steps you will need to take.

  1. Get yourself a SSL certificate: generate a self-signed certifcate or get one from a Certificate Authority
  2. Enable HTTPS in Spring Boot
  3. Redirect HTTP to HTTPS (optional)

Step 1: Get a SSL certificate

If you want to use SSL and serve your Spring Boot application over HTTPS you will need to get a certificate.

You have two options to get one. You can generate a self-signed certificate, which will most likely be what you’ll want to do in development since it’s the easiest option. This usually isn’t a good option in production since it will display a warning to the user that your certificate is not trusted.

The other (production) option is to request one from a Certificate Authority. I’ve heard good things about SSLMate to buy your certificate for a reasonable price with excellent support. There are some providers that are able to give out free certificates but usually you’ll have problems down the line if you have any issues or problems (revocations).

Since we are developers, let’s generate a self-signed certificate to get started quickly with development of our application. Every Java Runtime Environment (JRE) comes bundled with a certificate management utility,keytool. This can be used to generate our self-signed certificate. Let’s have a look:

keytool -genkey -alias tomcat
-storetype PKCS12 -keyalg RSA -keysize 2048
-keystore keystore.p12 -validity 3650
 
Enter keystore password: 
Re-enter new password:
What is your first and last name?
  [Unknown]: 
What is the name of your organizational unit?
  [Unknown]: 
What is the name of your organization?
  [Unknown]: 
What is the name of your City or Locality?
  [Unknown]: 
What is the name of your State or Province?
  [Unknown]: 
What is the two-letter country code for this unit?
  [Unknown]: 
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

This will generate a PKCS12 keystore called keystore.p12 with your newly generate certificate in it, with certificate alias tomcat. You will need to reference keystore in a minute when we start to configure Spring Boot.

Step 2: Enable HTTPS in Spring Boot

By default your Spring Boot embedded Tomcat container will have HTTP on port 8080 enabled. Spring Boot lets you configure HTTP or HTTPS in the application.properties, but not both at once. If you want to enable both you will need to configure at least one programmatically. The Spring Boot reference documentation recommends configuring HTTPS in the application.properties since it’s the more complicated than HTTP.

Using configuration like the example above means the application will no longer support plain HTTP connector at port 8080. Spring Boot doesn’t support the configuration of both an HTTP connector and an HTTPS connector via application.properties. If you want to have both then you’ll need to configure one of them programmatically. It’s recommended to useapplication.properties to configure HTTPS as the HTTP connector is the easier of the two to configure programmatically. See the spring-boot-sample-tomcat-multi-connectors sample project for an example.

Funny enough despite their recommendation to configure HTTPS in the application.properties, their example does the exact opposite.

Let’s configure HTTPS in the default application.properties file undersrc/main/resources of your Spring Boot application:

server.port: 8443
server.ssl.key-store: keystore.p12
server.ssl.key-store-password: mypassword
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat

That’s all you need to do to make your application accessible over HTTPS on https://localhost:8443, pretty easy right?

Step 3: Redirect HTTP to HTTPS (optional)

In some cases it might be a good idea to make your application accessible over HTTP too, but redirect all traffic to HTTPS.
To achieve this we’ll need to add a second Tomcat connector, but currently it is not possible to configure two connector in the application.properties like mentioned before. Because of this we’ll add the HTTP connector programmatically and make sure it redirects all traffic to our HTTPS connector.

For this we will need to add theTomcatEmbeddedServletContainerFactory bean to one of our@Configuration classes.

That’s all you need to do to make sure your application is always used over HTTPS!

Enable HTTPS in Spring Boot的更多相关文章

  1. Spring Boot Admin Reference Guide

    1. What is Spring Boot Admin? Spring Boot Admin is a simple application to manage and monitor your S ...

  2. 区块链使用Java,以太坊 Ethereum, web3j, Spring Boot

    Blockchain is one of the buzzwords in IT world during some last months. This term is related to cryp ...

  3. Spring Boot Cookbook 中文笔记

    Spring Boot Cookbook 一.Spring Boot 入门 Spring Boot的自动配置.Command-line Runner RESTful by Spring Boot wi ...

  4. 《Spring Boot Cook Book》阅读笔记

    最近一个月一直在学习Spring Boot框架,在阅读<Spring Boot Cook Book>一书的过程中,记录了一些学习笔记,在这里整理出一篇目录供大家参考. 一.Spring B ...

  5. Spring Boot Admin 的使用 2

    http://blog.csdn.net/kinginblue/article/details/52132113 ******************************************* ...

  6. Spring Boot 支持 HTTPS 如此简单,So easy!

    这里讲的是 Spring Boot 内嵌式 Server 打 jar 包运行的方式,打 WAR 包部署的就不存在要 Spring Boot 支持 HTTPS 了,需要去外部对应的 Server 配置. ...

  7. Spring Boot 支持 HTTPS 如此简单,So easy!

    这里讲的是 Spring Boot 内嵌式 Server 打 jar 包运行的方式,打 WAR 包部署的就不存在要 Spring Boot 支持 HTTPS 了,需要去外部对应的 Server 配置. ...

  8. Spring Boot @Enable*注解源码解析及自定义@Enable*

      Spring Boot 一个重要的特点就是自动配置,约定大于配置,几乎所有组件使用其本身约定好的默认配置就可以使用,大大减轻配置的麻烦.其实现自动配置一个方式就是使用@Enable*注解,见其名知 ...

  9. 在Spring Boot中使用Https

    本文介绍如何在Spring Boot中,使用Https提供服务,并将Http请求自动重定向到Https. Https证书 巧妇难为无米之炊,开始的开始,要先取得Https证书.你可以向证书机构申请证书 ...

随机推荐

  1. 房租管理小软件(七):flowlayoutPancel 中增加分类控

    见下图的 string FNodeName = dt.Rows[i]["FNodeName"].ToString(); ) { RoomControl.Thumbnail.Grou ...

  2. In place Merge(原地归并)

    数组al[0,mid-1] 和 al[mid,num-1],都分别有序.将其merge成有序数组al[0,num-1],要求空间复杂度O(1) 思路:一般的归并是需要O(n)的空间,而这里要求空间复杂 ...

  3. bzoj 1038 [ZJOI2008]瞭望塔(半平面交)

    [题目链接] http://www.lydsy.com/JudgeOnline/problem.php?id=1038 [题意] 找一个最低塔高使可以看到村庄的每一个角落. [思路] 半平面交 能够看 ...

  4. uva 11997 K Smallest Sums 优先队列处理多路归并问题

    题意:K个数组每组K个值,每次从一组中选一个,共K^k种,问前K个小的. 思路:优先队列处理多路归并,每个状态含有K个元素.详见刘汝佳算法指南. #include<iostream> #i ...

  5. 【原创】_INTSIZEOF 内存按照int对齐

    #include <stdarg.h> 里面定义了如下宏 #define _INTSIZEOF(n) ( (sizeof(n) + sizeof(int) - 1) & ~(siz ...

  6. 【Hadoop代码笔记】通过JobClient对Jobtracker的调用详细了解Hadoop RPC

    Hadoop的各个服务间,客户端和服务间的交互采用RPC方式.关于这种机制介绍的资源很多,也不难理解,这里不做背景介绍.只是尝试从Jobclient向JobTracker提交作业这个最简单的客户端服务 ...

  7. HW5.26

    public class Solution { public static void main(String[] args) { int totalCount = 0; int lineCount = ...

  8. inter

    网卡不稳定的罪魁祸首   近期新上的DB SERVER服务器,在压测中发现网卡很不稳定,压力测试刚刚进行十几分钟后,服务器反应就变得非常慢,PING的时候经常丢包而且SSH连接也时断时 续.刚开始以为 ...

  9. Android实例-LocationSensor位置传感器(XE8+小米2)

    结果: 1.启动后有时会闪退,后来重新做的工程就好了.原因不明(可能与地理反码有关). 2.原文是用的GOOGLE地图显示位置,但在咱们这里好像不行,改为百度,但百度用的是HTML文件.太麻烦了,大家 ...

  10. 高级C++开发工程师综合测试题(风林火山)

    题目要求:代码要求能够直接编译运行 1.       请实现一个函数:凑14:输入很多个整数(1<=数值<=13),任意两个数相加等于14就可以从数组中删除这两个数,求剩余数(按由小到大排 ...