To enable an application using Spring Boot to use secure connection, follow the steps described
below.
1. Generate the certificate.
Use Java's keytool utility to generate a self-signed certificate or by one.
For self-signed certificate, do:
keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
This command generates the file keystore.p12, a PKCS12 keystore containing the certificate in it and using "tomcat" as alias.
Output example:
$ keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
Password?: tomcat Again: tomcat Your first and last names? [Unknown]: john doe Organizational unit? [Unknown]: unitOne Your company's name? [Unknown]: myEnterprise Your city or locality? [Unknown]: Rio de Janeiro Your state? [Unknown]: RJ Your country - two letters? [Unknown]: BR
Move the generated file to project's root dir.
Example:
- windows:
move keystore.p12 $PROJECT_ROOTDIR
- *nix:
mv keystore.p12 $PROJECT_ROOTDIR
2. Set project's configuration file.
If using yaml and MySQL, it could be something like shown below, otherwise, if using ".properties" just convert to its notation using dots ('.'). Example: server.contextPath=/
server:
contextPath: /
spring:
profiles:
active: dev #if using profile
---
spring:
profiles: dev, default
server:
port: 8443 #default HTTPS
ssl:
key-store: keystore.p12
key-store-password: tomcat
keyStoreType: PKCS12
keyAlias: tomcat
datasource:
setget:
url: jdbc:mysql://localhost:3306/myproject
username: adminName
password: myPass
# driverClassName: org.gjt.mm.mysql.Driver
driverClassName: com.mysql.jdbc.Driver
defaultSchema: mySchema
maxPoolSize: 20
hibernate:
# dialect: org.hibernate.dialect.MySQLDialect
dialect: org.hibernate.dialect.MySQL5Dialect
hbm2ddl.method: update
show_sql: true
format_sql: true
3. Create a @SpringBootApplication class:
br.com.setget.control.TomcatTwoConnectorsApplication
package br.com.setget.control;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
@SpringBootApplication
public class TomcatTwoConnectorsApplication {
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
return tomcat;
}
private Connector initiateHttpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(8080);
connector.setSecure(false);
connector.setRedirectPort(8443);
return connector;
}
}
3b. If it is used a not proper configuration class, the application may fail to start.
In such cases, it may return a message file when the http redirection fails, for instance, like this:
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate
[org.springframework.web.servlet.HandlerMapping]: Factory method 'defaultServletHandlerMapping' threw exception;
nested exception is java.lang.IllegalArgumentException: A ServletContext is required to configure default servlet handling
Caused by: java.lang.IllegalArgumentException: A ServletContext is required to configure default servlet handling
This procedure was created based on the documentation below wich may be used as complementary searching source.
Thanks to the authors.
https://drissamri.be/blog/java/enable-https-in-spring-boot/
https://github.com/spring-projects/spring-boot/tree/master/spring-boot-samples/spring-boot-sample-tomcat-multi-connectors
No comments:
Post a Comment