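I have tried using the latest version of a Spring Boot application and want to secure the REST APIs with SSL. I did the following: I created a keystore and put it on the project classpath. The server starts without problems, but I cannot send requests to 8080 or 8443. Below is the configuration: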
server.ssl.key-store = KeyStore.p12
server.ssl.key-store-password = shashank
server.ssl.key-alias = mydomain
server.ssl.key-password = shashank
@Bean
public TomcatServletWebServerFactory servletContainer() {
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            // Require a confidential (TLS) transport for every URL pattern
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    tomcat.addAdditionalTomcatConnectors(getHttpConnector());
    return tomcat;
}

private Connector getHttpConnector() {
    // Additional connector on 8080, next to the SSL connector on 8443
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    connector.setScheme("https");
    connector.setPort(8080);
    connector.setSecure(true);
    connector.setRedirectPort(8443);
    return connector;
}
INFO 84898 --- [main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8443 (https) 8080 (https) with context path '/event-processing'
Because this is a self-signed certificate, it shows "This certificate has not been verified by a third party".
The goal here is to make all REST APIs use HTTPS.
Answer 0 (score: 0)
Try these changes:
Modify application.properties, editing the keystore.p12 parameter value in server.ssl.key-store to KeyStore.p12:
server.ssl.key-store: keystore.p12
Add a TomcatEmbeddedServletContainerFactory bean to a @Configuration class (any one).
@Bean
public EmbeddedServletContainerFactory servletContainer() {
    TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            // Require a confidential (TLS) transport for every URL pattern
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
    return tomcat;
}

private Connector initiateHttpConnector() {
    // Plain HTTP connector on 8080 that redirects to the HTTPS port 8443
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    connector.setScheme("http");
    connector.setPort(8080);
    connector.setSecure(false);
    connector.setRedirectPort(8443);
    return connector;
}
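Answer 1 (score: 0)
I ran into the problem with a self-signed certificate and solved it by creating the certificate on the server machine instead of on the local machine, so you should run the keytool command that creates the certificate on the server machine and use the generated .p12 file in your project, and everything will work as expected.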
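Both answers come down to whether the keystore named in the server.ssl.* properties is the one the server actually loads. The following is an added example, not code from the question or from either answer: a stand-alone check of the file-name case, the alias, the two passwords and the certificate itself. The class name KeystoreCheck and its argument order are assumptions made for this example.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.stream.*;

public class KeystoreCheck {

    // Returns human-readable findings; an empty list means nothing was flagged.
    static List<String> check(Path file, char[] storePass, String alias, char[] keyPass) throws Exception {
        List<String> findings = new ArrayList<>();
        String name = file.getFileName().toString();
        List<String> names;
        try (Stream<Path> s = Files.list(file.toAbsolutePath().getParent())) {
            names = s.map(p -> p.getFileName().toString()).collect(Collectors.toList());
        }
        if (!names.contains(name)) {
            // A name that differs only in case resolves on Windows/macOS but not on Linux.
            names.stream().filter(name::equalsIgnoreCase).findFirst().ifPresentOrElse(
                n -> findings.add("file is named '" + n + "', not '" + name + "' (case differs)"),
                () -> findings.add("file not found: " + file));
            return findings;
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, storePass);           // throws IOException on a wrong store password
        }
        if (!ks.isKeyEntry(alias)) {
            findings.add("alias '" + alias + "' is not a private-key entry; aliases present: "
                + Collections.list(ks.aliases()));
            return findings;
        }
        ks.getKey(alias, keyPass);            // throws UnrecoverableKeyException on a wrong key password
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity();                 // throws if expired or not yet valid
        if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            findings.add("self-signed (" + cert.getSubjectX500Principal() + "): clients must trust it explicitly");
        }
        if (cert.getSubjectAlternativeNames() == null) {
            findings.add("no subjectAltName: current browsers ignore the CN and reject the hostname");
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // args: <keystore path> <store password> <alias> <key password>
        check(Paths.get(args[0]), args[1].toCharArray(), args[2], args[3].toCharArray())
            .forEach(System.out::println);
    }
}
```

Run it on the machine that hosts the application, against the same file and values as in application.properties. Passwords given as arguments are visible in the process list, so use it only for a local check.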