我是 Spring 的新手。我想为 Spring 应用程序配置 ssl 证书。目前我正在使用外部 tomcat9 并配置了它的 8443 端口(工作正常):
Tomcat的server.xml:
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true" >
<SSLHostConfig>
<Certificate certificateKeystoreFile="G:\apache-tomcat-9.0.39\conf\myexistingkey.jks"
certificateKeystorePassword="password"
certificateKeyAlias="tomcat"
type="RSA" />
</SSLHostConfig>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<absolute-ordering />
<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
MyBasicAuthEntryPoint:
public class MyBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
@Override
public void commence(final HttpServletRequest request,
final HttpServletResponse response,
final AuthenticationException authException) throws IOException {
//Authentication failed, send error response.
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.addHeader("WWW-Authenticate", "Basic realm=" + getRealmName() + "");
PrintWriter writer = response.getWriter();
writer.println("HTTP Status 401 : " + authException.getMessage());
}
@Override
public void afterPropertiesSet() {
setRealmName("MY_TEST_REALM");
super.afterPropertiesSet();
}
}
@Configuration
@EnableWebSecurity
public class BasicAuthenticationService extends WebSecurityConfigurerAdapter {
private static String REALM = "MY_TEST_REALM";
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password(passwordEncoder().encode("admin")).roles("USER");
System.out.println("configureGlobalSecurity");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
System.out.println("configure");
MyBasicAuthenticationEntryPoint authenticationEntryPoint;
authenticationEntryPoint = new MyBasicAuthenticationEntryPoint();
http.csrf().disable()
.authorizeRequests().anyRequest().authenticated().
and().
httpBasic()
.authenticationEntryPoint(authenticationEntryPoint);
http.addFilterAfter(new CustomFilter(),
BasicAuthenticationFilter.class);
}
@Bean
public PasswordEncoder passwordEncoder() {
System.out.println("passwordEncoder");
return new BCryptPasswordEncoder();
}
class CustomFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {
}
}
那么在 spring 中启用 SSL 需要在配置中进行哪些更改。我不能在 spring 配置中提及 keystore 路径,因为我已经在 tomcat 中配置了它。我也在使用 Jersey 进行 api 请求。
最佳答案
我正在使用 Spring Boot 2 和在 Ubuntu 18.04 上运行的外部 tomcat 9
获取 SSL 证书,我使用带有密码的 keytool 创建了一个自签名证书。
https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html
将 p12 文件存储在您的 apache 服务器上。我将它存储在/opt/tomcat
编辑您的 apache server.xml 文件以获得类似的内容。
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/opt/tomcat/keystore.p12" keystorePass="password"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1"/>
完毕!
一旦你知道步骤是什么,它会非常快!只是不要忘记任何事情。
关于java - 外部tomcat中spring的SSL配置,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64767637/