使用默认的http,使用localhost别名以及localhost ip地址时,对Spring Boot项目的RESTful调用工作正常。 http://localhost:8080/getCall和&http://xx.xx.xx.xx:8443/getCall。
在项目上启用https时,使用localhost别名(而不是localhost IP地址)的调用可以正常工作,这会导致http错误0。 https://localhost:8443/getCall工作,https://xx.xx.xx.xx:8443/getCall不工作。奇怪的是,直接通过Chrome浏览器调用https://xx.xx.xx.xx:8443/getCall时,我进入了“继续谨慎”页面,然后继续操作,问题就完全消失了。虽然这是一个hack,但仍需要解决。
这是用于启用https。的代码。 在WebSecurityConfigurerAdapter子类内部,并重写方法;配置(HttpSecurity http):
http.requiresChannel().antMatchers("/**").requiresSecure();
在application.properties中,位于src / main / resources中(还使用命令行工具在其中驻留了myRecepientsCert.p12):
server.port=8443
security.require-ssl=true
server.ssl.key-store=classpath:myRecepientsCert.p12
server.ssl.key-store-password=not-telling
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=myRecepientCert
这是我正在使用的示例项目的完整代码。
MyRestController
package com.learnspring.SpringBootHttps;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
@RestController
@CrossOrigin("*")
public class MyRestController {
public class POJOForJSON {
public String key;
public String key2;
}
@RequestMapping(value = "/getCall", method = RequestMethod.GET, produces = "application/json")
public POJOForJSON getCall() {
POJOForJSON json = new POJOForJSON();
json.key = "value";
json.key2 = "value2";
return json;
}
@RequestMapping(value = "/postCall", method = RequestMethod.POST, produces = "application/json")
public POJOForJSON postCall() {
POJOForJSON json = new POJOForJSON();
json.key = "value";
json.key2 = "value2";
return json;
}
}
SpringBootHttpsApplication
package com.learnspring.SpringBootHttps;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class SpringBootHttpsApplication {
public static void main(String[] args) {
SpringApplication.run(SpringBootHttpsApplication.class, args);
}
}
WebSecurityConfig
import java.util.Arrays;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors() // allow CORS calls with @CrossOrigin annotation on restful call
.and().csrf().disable()
.authorizeRequests().antMatchers("/**").permitAll();
http.requiresChannel()
.antMatchers("/**").requiresSecure();
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
// configuration.setAllowedOrigins(Arrays.asList("http://localhost:8100"));
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("GET","POST"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("Content-Type", "Access-Control-Allow-Origin", "Access-Control-Allow-Credentials", "Access-Control-Allow-Methods", "x-authorization-firebase"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
答案 0 :(得分:0)
为回答这个问题,自签名证书正在执行应做的事情。它们不会自动被信任,而是用于TEST / DEV环境。您需要具有针对PROD环境的公开签名的证书。为此,我尚未发现(但我认为,如果您有帐户,可以从AWS上获得它。)