
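Deploying an SSL Certificate (JKS Format) in Spring Boot

 Updated: 2023-10-16 09:58:40   Author: 七七r  
This article describes how to deploy an SSL certificate in a Spring Boot application to secure data in transit and protect data privacy. It may be a useful reference for interested readers.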

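1. How to deploy an SSL certificate (JKS format) in a Spring Boot project

1. Obtain the SSL certificate and private key

First, you need a valid SSL certificate and private key. An SSL certificate is a digital certificate used to encrypt communication; you can obtain one by purchasing a commercial SSL certificate or by using a free Let's Encrypt certificate. Make sure you have the certificate file and its corresponding private key file. These are usually files ending in .pem and .key, or a file in JKS format; this article uses a JKS-format SSL certificate as the example.

2. Configure the Spring Boot project

Next, we configure the Spring Boot project to use SSL.

2.0 Project environment

  • Spring Boot 2.2.2
  • Maven
  • A domain name (sold by the major registrars: Alibaba, Tencent, Huawei)
  • An SSL certificate (Alibaba Cloud offers a free SSL certificate valid for one year)

2.1 Add the SSL certificate and private key files to the project

Copy the SSL certificate and private key files obtained earlier into the src/main/resources directory of the Spring Boot project. The certificate files are then packaged with the project and loaded at run time.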


2.2 Configure application.properties or application.yml

Add the following SSL settings to the Spring Boot configuration file (application.properties or application.yml):

server:
  port: 8856
  servlet:
    context-path: /
  ssl:
    enabled: true
    # Path to the keystore that holds the SSL certificate
    key-store: classpath:ssl/xxx.com.jks
    key-store-password: xxx
    # Keystore type
    key-store-type: JKS
#    key-store-protocol: TLS

2.3 Write a controller to test

Add a controller to test whether the configuration takes effect. The test result is as follows:


As the test above shows, a request over HTTP is answered with a message that access requires TLS. Users who reach the site this way directly get a very poor experience.

2.4 Write a configuration class to redirect HTTP to HTTPS

When a user connects over HTTP, redirect the HTTP request to the HTTPS port.

(1) Modify the configuration file

custom:  # custom HTTP listener port
  http-port: 8857

server:
  port: 8856
  servlet:
    context-path: /
  ssl:
    enabled: true
    #key-alias: alias-key # alias (optional)
    # Path to the keystore that holds the SSL certificate
    key-store: classpath:ssl/xxx.com.jks
    key-store-password: xxx
    # Keystore type
    key-store-type: JKS
#    key-store-protocol: TLS

(2) Add the configuration class

package org.pp.ssl.config;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * HTTPS configuration: redirects all HTTP requests to HTTPS
 * @author P_P
 */
@Configuration
public class HttpsConfig {

    @Value("${custom.http-port: 8857}")
    private Integer httpPort;

    @Value("${server.port}")
    private Integer port;

    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        // Redirect HTTP requests to HTTPS
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint constraint = new SecurityConstraint();
                // The default is NONE
                constraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                // Require HTTPS for every path
                collection.addPattern("/*");
                constraint.addCollection(collection);
                context.addConstraint(constraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(httpConnector());
        return tomcat;
    }

    /**
     * Forces all HTTP requests to be redirected to HTTPS
     *
     * @return httpConnector
     */
    @Bean
    public Connector httpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        // HTTP port the connector listens on
        connector.setPort(httpPort);
        connector.setSecure(false);
        // HTTPS port that requests received on the HTTP port are redirected to
        connector.setRedirectPort(port);
        return connector;
    }
}

(3) Start the project

After adding the configuration class, start the project; the console shows both the HTTPS port and the HTTP port.


Access the test endpoint again and the address bar now shows https.


(4) Enable HTTP and HTTPS at the same time

If you do not want all HTTP requests redirected to HTTPS, you can enable both HTTP and HTTPS.

import org.apache.catalina.connector.Connector;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Enables HTTP and HTTPS at the same time
 * @author P_P
 */
@Configuration
public class HttpsConfig {
    @Value("${custom.http-port: 8857}")
    private Integer httpPort;

    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        tomcat.addAdditionalTomcatConnectors(httpConnector());
        return tomcat;
    }

    @Bean
    public Connector httpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setPort(httpPort);
        return connector;
    }
}

With this configuration, requests to port 8857 (HTTP) are no longer redirected.


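3. Spring Boot SSL certificate configuration: the "Invalid keystore format" exception

3.1 Environment

A bean is configured in Spring Boot, and loading the bean loads the JKS file. The JKS file is placed under src/resources, and startup then fails with the following error.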

2023-08-03 22:22:27.261:[ERROR] [main:6839] [org.springframework.boot.SpringApplication.reportFailure:826] --> Application run failed 
org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat server
	at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:215)
	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297)
	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:553)
	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747)
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:315)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215)
	at org.ee.authority.AuthorityApplication.main(AuthorityApplication.java:28)
  Caused by: java.lang.IllegalArgumentException: Invalid keystore format
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99) ~[tomcat-embed-core-9.0.29.jar:9.0.29]
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) ~[tomcat-embed-core-9.0.29.jar:9.0.29]
	at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218) ~[tomcat-embed-core-9.0.29.jar:9.0.29]
	at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1142) ~[tomcat-embed-core-9.0.29.jar:9.0.29]
	at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1228) ~[tomcat-embed-core-9.0.29.jar:9.0.29]
	at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:586) ~[tomcat-embed-core-9.0.29.jar:9.0.29]
	at org.apache.catalina.connector.Connector.startInternal(Connector.java:1005) ~[tomcat-embed-core-9.0.29.jar:9.0.29]
Caused by: java.lang.IllegalArgumentException: standardService.connector.startFailed
	at org.apache.catalina.core.StandardService.addConnector(StandardService.java:231)
	at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:278)
	at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197)
	... 10 common frames omitted
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
	at org.apache.catalina.connector.Connector.startInternal(Connector.java:1008)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
	at org.apache.catalina.core.StandardService.addConnector(StandardService.java:227)
	... 12 common frames omitted
Caused by: java.lang.IllegalArgumentException: Invalid keystore format
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
	at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
	at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1142)
	at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1228)
	at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:586)
	at org.apache.catalina.connector.Connector.startInternal(Connector.java:1005)
	... 14 common frames omitted
Caused by: java.io.IOException: Invalid keystore format
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:666)
	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
	at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
	at java.security.KeyStore.load(KeyStore.java:1449)
	at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69)
	at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:217)
	at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:206)
	at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283)
	at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
	... 20 common frames omitted

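3.2 Symptoms and cause analysis

Parsing the JKS file directly from a main function works without any problem. But after packaging, parsing fails when Tomcat starts, and it also fails when running a unit test directly (one that loads the full bean context).

It later turned out that the size of the JKS file under the target folder had changed. After some research, the root cause became clear: Maven modifies file contents during compilation or packaging (Maven applies placeholder substitution during the build, and the substitution alters the file), which changes the JKS file.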
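The failure described above can be reproduced without Maven. The following is an added example, not code from the original article: it builds an empty JKS keystore in memory, passes it through a UTF-8 decode and re-encode (an assumed stand-in for what a text-mode filtered copy does to a binary file), and shows that the file grows, the JKS magic number 0xFEEDFEED is lost, and loading fails. The class name, helper names and the password are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

/** Added example: shows how a text-mode copy corrupts a JKS keystore. */
public class FilteredKeystoreDemo {

    // Constructed sample password, not a value from the article.
    private static final char[] PASSWORD = "changeit".toCharArray();

    /** Builds a valid (empty) JKS keystore in memory as constructed sample input. */
    static byte[] newJks() throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, PASSWORD);
        return out.toByteArray();
    }

    /** Assumed model of filtering: decode the bytes as UTF-8 text, then re-encode. */
    static byte[] textRoundTrip(byte[] binary) {
        return new String(binary, StandardCharsets.UTF_8).getBytes(StandardCharsets.UTF_8);
    }

    /** A JKS file starts with the four magic bytes FE ED FE ED. */
    static boolean hasJksMagic(byte[] d) {
        return d.length >= 4 && (d[0] & 0xFF) == 0xFE && (d[1] & 0xFF) == 0xED
                && (d[2] & 0xFF) == 0xFE && (d[3] & 0xFF) == 0xED;
    }

    /** Attempts to load the bytes as a JKS keystore and reports the outcome. */
    static String tryLoad(byte[] data) {
        try {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new ByteArrayInputStream(data), PASSWORD);
            return "loaded, entries=" + ks.size();
        } catch (IOException | GeneralSecurityException e) {
            return "failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] original = newJks();
        byte[] filtered = textRoundTrip(original);
        System.out.printf("original: %d bytes, JKS magic=%b, %s%n",
                original.length, hasJksMagic(original), tryLoad(original));
        System.out.printf("filtered: %d bytes, JKS magic=%b, %s%n",
                filtered.length, hasJksMagic(filtered), tryLoad(filtered));
    }
}
```

The same magic-number check can be applied in a build step to the keystore copy under target/classes, so a filtered keystore is caught before deployment.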

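3.3 Solution

Configure Maven to exclude JKS and similar file types from filtering: add the following configuration to the build section of the pom so that jks files are not filtered. (Note that the configuration below also excludes xlsx, because Excel files are likewise corrupted after packaging.)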

<build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-resources-plugin</artifactId>
                <configuration>
                    <encoding>${project.build.sourceEncoding}</encoding>
                    <useDefaultDelimiters>true</useDefaultDelimiters>
                    <includeEmptyDirs>true</includeEmptyDirs>
                    <!-- Certificate files -->
                    <nonFilteredFileExtensions>
                        <nonFilteredFileExtension>pem</nonFilteredFileExtension>
                        <nonFilteredFileExtension>pfx</nonFilteredFileExtension>
                        <nonFilteredFileExtension>p12</nonFilteredFileExtension>
                        <nonFilteredFileExtension>key</nonFilteredFileExtension>
                        <nonFilteredFileExtension>xlsx</nonFilteredFileExtension>
                        <nonFilteredFileExtension>jks</nonFilteredFileExtension>
                    </nonFilteredFileExtensions>
                </configuration>
            </plugin>
            <!-- Javadoc plugin -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-javadoc-plugin</artifactId>
                <version>3.0.0</version>
            </plugin>
        </plugins>
    </build>
