配置 HTTPS 支持
通过参数进行配置
- server.port=8443
一般来说，HTTPS 使用 443 端口
- server.ssl.*
• server.ssl.key-store 配置用到的ssl的证书的信息
• server.ssl.key-store-type,一般来说使用JKS或者PKCS12类型
• server.ssl.key-store-password=secret 提供key-store的密码
生成证书文件
命令
- keytool -genkey -alias 证书的别名
-storetype 仓库类型 -keyalg 算法 -keysize 长度
-keystore 文件名 -validity 有效期
说明
- 仓库类型,JKS、JCEKS、PKCS12 等
- 算法,RSA、DSA 等
- 长度,例如 2048
在 terminal 中输入 keytool -genkey -alias springbucks -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore springbucks.p12 -validity 365 使用keytool 生成一个keystore
含义:生成一个名为 springbucks.p12 的 keystore，使用 RSA 算法，密钥长度为 2048 位，有效期是 365 天
会生成一个 springbucks.p12 的文件 这就是我们的keystore
客户端 HTTPS 支持
配置 HttpClient ( >= 4.4 )
-
通过SSLContextBuilder 构造 SSLContext
-
setSSLHostnameVerifier(new NoopHostnameVerifier())
设置 HttpClient 不去校验 Hostname。只有当证书里的主机名与实际访问的地址不一致时才需要这样做；关闭之后，只要证书被信任库接受，就可以用于任意主机，因此只适合本地演示。
配置 RequestFactory
- HttpComponentsClientHttpRequestFactory
• setHttpClient()
用上面配置的 HttpClient
例子1
customer
目录
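/**
 * Client-side application of the tutorial. It exposes a {@link RestTemplate} whose requests go
 * through Apache HttpClient over HTTPS, trusting the certificates found in the configured store.
 */
@SpringBootApplication
@Slf4j
public class CustomerServiceApplication {
    // Store used as trust material, bound from security.key-store.
    // NOTE(review): the page's properties point this at springbucks.p12, apparently the same file
    // the server uses, which keytool -genkey creates with a private key inside. A client only
    // needs the certificate; a separate trust store holding just the exported certificate keeps
    // the server key off the client.
    @Value("${security.key-store}")
    private Resource keyStore;

    // Password of that store, bound from security.key-pass.
    @Value("${security.key-pass}")
    private String keyPass;

    /**
     * Starts the application without a web server and without the startup banner.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        new SpringApplicationBuilder()
                .sources(CustomerServiceApplication.class)
                .bannerMode(Banner.Mode.OFF)
                .web(WebApplicationType.NONE)
                .run(args);
    }

    /**
     * Builds the request factory backed by an HttpClient that validates server certificates
     * against the configured store.
     *
     * @return the request factory wrapping the configured HttpClient
     * @throws IllegalStateException if the trust material cannot be loaded or the SSLContext
     *         cannot be built
     */
    @Bean
    public HttpComponentsClientHttpRequestFactory requestFactory() {
        final SSLContext sslContext;
        try {
            sslContext = SSLContextBuilder.create()
                    // Certificates are validated against the store loaded here (URL + password).
                    .loadTrustMaterial(keyStore.getURL(), keyPass.toCharArray())
                    // Alternative from the tutorial that accepts every certificate; it removes
                    // server authentication entirely, so it stays commented out.
                    // .loadTrustMaterial(null, (certificate, authType) -> true)
                    .build();
        } catch (Exception e) {
            // Fail closed: continuing with a null context would make HttpClient build its default
            // SSLContext, silently replacing the pinned trust store with the JVM's default CAs
            // while hostname verification is also off.
            throw new IllegalStateException("Exception occurred while creating SSLContext.", e);
        }

        CloseableHttpClient httpClient = HttpClients.custom()
                .evictIdleConnections(30, TimeUnit.SECONDS)
                .setMaxConnTotal(200)
                .setMaxConnPerRoute(20)
                .disableAutomaticRetries()
                .setKeepAliveStrategy(new CustomConnectionKeepAliveStrategy())
                .setSSLContext(sslContext)
                // Hostname verification is switched off, as the tutorial describes. With this
                // setting any certificate the trust store accepts is valid for any host, so the
                // small, dedicated trust store is the only thing authenticating the server.
                // Issuing the certificate with a matching subject alternative name allows this
                // line to be removed.
                .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
                .build();

        return new HttpComponentsClientHttpRequestFactory(httpClient);
    }

    /**
     * Customises the RestTemplate: 100 ms connect timeout, 500 ms read timeout, and the
     * HttpClient-backed request factory defined above.
     *
     * @param builder the Spring Boot provided builder
     * @return the configured RestTemplate
     */
    @Bean
    public RestTemplate restTemplate(RestTemplateBuilder builder) {
        return builder
                .setConnectTimeout(Duration.ofMillis(100))
                .setReadTimeout(Duration.ofMillis(500))
                .requestFactory(this::requestFactory)
                .build();
    }
}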
application.properties
# Base URL of the waiter service; HTTPS on the port the server section configures.
waiter.service.url=https://localhost:8443
# Store the client loads as trust material.
# NOTE(review): this appears to be the same springbucks.p12 the server uses, which keytool -genkey
# creates with a private key inside; a client only needs the certificate, so a separate trust
# store with just the exported certificate is preferable.
security.key-store=classpath:springbucks.p12
# Demo password in plain text; outside a demo, supply it from the environment or a secret store
# rather than a properties file kept with the source.
security.key-pass=123123
pom
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.joda</groupId>
<artifactId>joda-money</artifactId>
<version>1.0.1</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
<!-- Apache HttpClient 4.x, the library behind HttpComponentsClientHttpRequestFactory and the
     component that performs the TLS handshake for this client.
     NOTE(review): the version is pinned by hand; if the project inherits Spring Boot's
     dependency management, omitting the version element lets it follow the managed release.
     Confirm against the parent POM. -->
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.7</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
waiter
目录
/**
 * Server-side application of the tutorial: a Spring MVC service with JPA repositories and
 * caching enabled, which also registers its own MVC interceptor and Jackson settings.
 */
@SpringBootApplication
@EnableJpaRepositories
@EnableCaching
public class WaiterServiceApplication implements WebMvcConfigurer {

    /**
     * Boots the waiter service.
     *
     * @param args command-line arguments handed to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(WaiterServiceApplication.class, args);
    }

    /**
     * Registers the performance interceptor for the coffee and order URL trees.
     *
     * @param registry the MVC interceptor registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        PerformanceInteceptor performance = new PerformanceInteceptor();
        registry.addInterceptor(performance)
                .addPathPatterns("/coffee/**", "/order/**");
    }

    /**
     * Exposes the Jackson module for Hibernate 5 types as a bean.
     *
     * @return a new Hibernate5Module
     */
    @Bean
    public Hibernate5Module hibernate5Module() {
        return new Hibernate5Module();
    }

    /**
     * Customises the Jackson builder: indented output and the Asia/Shanghai time zone.
     *
     * @return the customizer applied to the Jackson object mapper builder
     */
    @Bean
    public Jackson2ObjectMapperBuilderCustomizer jacksonBuilderCustomizer() {
        return mapperBuilder -> mapperBuilder
                .indentOutput(true)
                .timeZone(TimeZone.getTimeZone("Asia/Shanghai"));
    }
}
application.properties
spring.jpa.hibernate.ddl-auto=none
spring.jpa.properties.hibernate.show_sql=true
spring.jpa.properties.hibernate.format_sql=true
# Exposes every actuator endpoint over HTTP and always returns full health details.
# NOTE(review): no security starter appears in the waiter POM on this page, so these endpoints
# would be reachable without authentication; outside a demo, list only the endpoints needed.
management.endpoints.web.exposure.include=*
management.endpoint.health.show-details=always
info.app.author=DigitalSonic
info.app.encoding=@project.build.sourceEncoding@
# HTTPS listener: port, keystore location, keystore type and keystore password.
server.port=8443
server.ssl.key-store=classpath:springbucks.p12
server.ssl.key-store-type=PKCS12
# Keystore type
# The password must match the one entered when keytool created the keystore. It is a plain-text
# demo value here; outside a demo, supply it from the environment or a secret store.
server.ssl.key-store-password=123123
结果1
因为我的java版本为1.7 版本不支持 所以无法演示
在 terminal 中用命令行工具（例如 curl）访问 https://localhost:8443/coffee/1 我们会发现报错，原因是我们自己颁发的证书是不受信任的
我们可以通过 -k 参数来接受这个不安全的证书，用 -v 来打印证书信息。-k 会跳过证书校验，只适合在本机验证自签名证书时使用
配置 HTTP/2 支持
前提条件
- Java 的 JDK 版本 >= JDK 9
- Tomcat 的版本 >= 9.0.0
- Spring Boot 不支持 h2c,需要先配置 SSL
配置项
- server.http2.enabled
客户端 HTTP/2 支持
HTTP 库选择
- OkHttp( com.squareup.okhttp3:okhttp:3.14.0 )
• OkHttpClient
RestTemplate 配置
- OkHttp3ClientHttpRequestFactory
例子2
目录如上
CustomerServiceApplication
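/**
 * Client-side application of the HTTP/2 example. It exposes a {@link RestTemplate} backed by
 * OkHttp, trusting the certificates found in the configured store.
 */
@SpringBootApplication
@Slf4j
public class CustomerServiceApplication {
    // Store used as trust material, bound from security.key-store.
    // NOTE(review): in example 1 on this page the property points at springbucks.p12, apparently
    // the server's own keystore with its private key; a client only needs the certificate, so a
    // separate trust store with just the exported certificate is preferable.
    @Value("${security.key-store}")
    private Resource keyStore;

    // Password of that store, bound from security.key-pass.
    @Value("${security.key-pass}")
    private String keyPass;

    /**
     * Starts the application without a web server and without the startup banner.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        new SpringApplicationBuilder()
                .sources(CustomerServiceApplication.class)
                .bannerMode(Banner.Mode.OFF)
                .web(WebApplicationType.NONE)
                .run(args);
    }

    /**
     * Builds the OkHttp-backed request factory whose TLS trust comes from the configured store.
     *
     * @return the request factory wrapping the configured OkHttpClient
     * @throws IllegalStateException if the store cannot be read or the TLS context cannot be set up
     */
    @Bean
    public ClientHttpRequestFactory requestFactory() {
        final OkHttpClient okHttpClient;
        try {
            // Local name differs from the field so the Resource and the loaded KeyStore are not
            // confused with each other.
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // Load the store contents with its password; the stream is closed once loaded.
            try (java.io.InputStream in = this.keyStore.getInputStream()) {
                trustStore.load(in, keyPass.toCharArray());
            }

            // Trust managers built from the loaded store, using the platform default algorithm.
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);

            // No key managers (no client certificate) and the default source of randomness.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, tmf.getTrustManagers(), null);

            okHttpClient = new OkHttpClient.Builder()
                    .sslSocketFactory(sslContext.getSocketFactory(),
                            (X509TrustManager) tmf.getTrustManagers()[0])
                    // Hostname verification is switched off, as the tutorial describes. With this
                    // setting any certificate the trust store accepts is valid for any host, so
                    // the dedicated trust store is the only thing authenticating the server.
                    // Issuing the certificate with a matching subject alternative name allows
                    // this line to be removed.
                    .hostnameVerifier((hostname, session) -> true)
                    .build();
        } catch (Exception e) {
            // Fail with the real cause instead of logging and passing a null client on, which
            // only surfaced later as an unrelated "must not be null" failure.
            throw new IllegalStateException("Failed to build the TLS-enabled OkHttpClient", e);
        }
        return new OkHttp3ClientHttpRequestFactory(okHttpClient);
    }

    /**
     * Customises the RestTemplate: 100 ms connect timeout, 500 ms read timeout, and the
     * OkHttp-backed request factory defined above.
     *
     * @param builder the Spring Boot provided builder
     * @return the configured RestTemplate
     */
    @Bean
    public RestTemplate restTemplate(RestTemplateBuilder builder) {
        return builder
                .setConnectTimeout(Duration.ofMillis(100))
                .setReadTimeout(Duration.ofMillis(500))
                .requestFactory(this::requestFactory)
                .build();
    }
}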
customer pom
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.joda</groupId>
<artifactId>joda-money</artifactId>
<version>1.0.1</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
<!-- OkHttp, the client wrapped by OkHttp3ClientHttpRequestFactory in the HTTP/2 example; it
     performs the TLS handshake for this client.
     NOTE(review): the version is pinned by hand; if the project inherits Spring Boot's
     dependency management, omitting the version element lets it follow the managed release.
     Confirm against the parent POM. -->
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>3.14.0</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
waiter application.properties
spring.jpa.hibernate.ddl-auto=none
spring.jpa.properties.hibernate.show_sql=true
spring.jpa.properties.hibernate.format_sql=true
# Exposes every actuator endpoint over HTTP and always returns full health details.
# NOTE(review): no security starter appears in the waiter POM on this page, so these endpoints
# would be reachable without authentication; outside a demo, list only the endpoints needed.
management.endpoints.web.exposure.include=*
management.endpoint.health.show-details=always
info.app.author=DigitalSonic
info.app.encoding=@project.build.sourceEncoding@
server.http2.enabled=true
# Enables HTTP/2 support; the page notes Spring Boot does not support h2c, so SSL is configured below.
server.port=8443
server.ssl.key-store=classpath:springbucks.p12
server.ssl.key-store-type=PKCS12
# The password must match the one entered when keytool created the keystore. It is a plain-text
# demo value here; outside a demo, supply it from the environment or a secret store.
server.ssl.key-store-password=spring
waiter pom
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-cache</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Provides the management endpoints that the waiter application.properties exposes.
     NOTE(review): no security starter is listed in this POM, so those endpoints would have no
     authentication in front of them. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.joda</groupId>
<artifactId>joda-money</artifactId>
<version>1.0.1</version>
</dependency>
<dependency>
<groupId>org.jadira.usertype</groupId>
<artifactId>usertype.core</artifactId>
<version>6.0.1.GA</version>
</dependency>
<!-- Adds Jackson support for Hibernate types -->
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-hibernate5</artifactId>
<version>2.9.8</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
结果2
操作和结果1 一样
来源:CSDN
作者:L# S@
链接:https://blog.csdn.net/weixin_43790623/article/details/104341704