一、使用JDK keytool創建SSL證書
進入$JAVA_HOME/bin目錄,運行以下命令
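keytool -genkey -alias WeChatAppletsDemo -keypass 123456 -keyalg RSA -keysize 2048 -validity 365 -keystore D:/keys/weChat.keystore -storepass 123456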
keytool
-genkey
-alias (別名)
-keypass (別名密碼)
-keyalg (算法)
-keysize (密鑰長度;RSA建議至少2048位,1024位已不足以抵抗現代攻擊)
-validity (有效期,天單位)
-keystore (指定生成證書的位置和證書名稱)
-storepass (獲取keystore信息的密碼;示例中的123456僅供演示,正式環境請為keypass和storepass使用強密碼,且不要將其提交到代碼倉庫)
在創建密鑰的時候,記得確認$JAVA_HOME/jre/lib/security/java.security文件中的keystore配置(例如算法)與命令中使用的設置一致

注意:keys文件夾需要提前創建,否則會報錯
之後按提示進行操作,步驟如下:


二、為SpringBoot配置https
將生成的證書文件放入項目的resources文件夾中。

配置properties文件

server.http.port屬性用於開啟http端口,將其重定向到https端口中
創建配置一個WebConfig類

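package org.yoki.edu.portal.web.config;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

/**
 * Web configuration: registers the CORS rules and adds a plain-HTTP Tomcat
 * connector whose requests are redirected to the HTTPS port.
 */
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {

    /** Value of {@code server.port}; used below as the HTTPS redirect target. */
    @Value("${server.port}")
    private int serverPort;

    /** Value of {@code server.http.port}; the port of the additional HTTP connector. */
    @Value("${server.http.port}")
    private int serverHttpPort;

    /**
     * Comma-separated list of origins trusted for credentialed cross-origin requests.
     * Application-defined property; resolves to an empty array when it is not set.
     */
    @Value("${cors.allowed-origins:}")
    private String[] corsAllowedOrigins;

    /**
     * Registers the CORS policy for every path.
     *
     * <p>Credentials are only allowed together with an explicit origin list. A wildcard
     * origin combined with {@code allowCredentials(true)} lets any web site issue
     * credentialed requests on behalf of a logged-in user (the Spring versions this
     * API belongs to answer such requests by echoing the caller's Origin), so when no
     * origins are configured the wildcard is kept but credentials are switched off.
     *
     * @param registry the registry the mapping is added to
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        boolean hasExplicitOrigins = corsAllowedOrigins != null && corsAllowedOrigins.length > 0;
        String[] origins = hasExplicitOrigins ? corsAllowedOrigins : new String[] {"*"};

        registry.addMapping("/**")
                .allowedOrigins(origins)
                .allowedMethods("GET", "POST", "OPTIONS", "PUT")
                .allowedHeaders("Content-Type", "X-Requested-With", "accept", "Origin",
                        "Access-Control-Request-Method", "Access-Control-Request-Headers", "accessToken")
                .exposedHeaders("Access-Control-Allow-Origin", "Access-Control-Allow-Credentials")
                // Never pair credentials with the wildcard origin.
                .allowCredentials(hasExplicitOrigins)
                .maxAge(3600);
    }

    /**
     * Builds the embedded Tomcat factory with a CONFIDENTIAL transport constraint on
     * all paths and an extra HTTP connector.
     *
     * @return the customised servlet container factory
     */
    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // CONFIDENTIAL makes Tomcat send requests arriving on a non-secure
                // connector to that connector's redirect port.
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
        return tomcat;
    }

    /**
     * Creates the plain-HTTP connector that listens on {@code server.http.port} and
     * redirects to {@code server.port}.
     *
     * @return the configured HTTP connector
     */
    private Connector initiateHttpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        // HTTP port whose traffic is to be redirected.
        connector.setPort(serverHttpPort);
        connector.setSecure(false);
        // Redirect target: the HTTPS port.
        connector.setRedirectPort(serverPort);
        return connector;
    }
}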
三、測試訪問
訪問http://localhost:8081將自動跳轉到https://localhost:8433,如下圖所示


