Last active
November 17, 2020 14:25
How to enable HTTPS in a Spring Boot Application
# Define a custom port instead of the default 8080 | |
server.port=8443 | |
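# Tell Spring Security (if used) to require requests over HTTPS (Spring Boot 1.x property; a comment further down this page reports it stopped working after upgrading to Spring Boot 2)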
security.require-ssl=true | |
# The format used for the keystore | |
server.ssl.key-store-type=PKCS12 | |
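# The path to the keystore containing the certificate (a classpath: location ships the keystore, and the private key inside it, in the application artifact; an external file path keeps it out of the build)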
server.ssl.key-store=classpath:keystore.p12 | |
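# The password used when generating the keystore that holds the certificate ("password" is a placeholder: use a strong value and supply it from outside version control, e.g. an environment variable or external configuration)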
server.ssl.key-store-password=password | |
# The alias mapped to the certificate | |
server.ssl.key-alias=tomcat |
/**
 * Embedded Tomcat configuration that marks every path as requiring a confidential (TLS)
 * transport and adds a second, plain-HTTP connector whose redirect port points at the
 * HTTPS port.
 *
 * <p>Uses the Spring Boot 1.x factory types ({@code EmbeddedServletContainerFactory} and
 * {@code TomcatEmbeddedServletContainerFactory}).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The HTTP connector stays reachable on {@link #HTTP_PORT}. The first request a client
 *       sends there travels in cleartext before any redirect, so cookies should carry the
 *       {@code Secure} flag and an HSTS policy is worth considering.</li>
 *   <li>{@link #HTTPS_PORT} has to agree with {@code server.port} in the application
 *       properties; if the two drift apart the redirect targets a port nothing listens on.</li>
 * </ul>
 */
@Configuration
public class ConnectorConfig {

    /** Plain-HTTP port opened only so that clients can be sent on to HTTPS. */
    private static final int HTTP_PORT = 8080;

    /** HTTPS port that the plain-HTTP connector names as its redirect port. */
    private static final int HTTPS_PORT = 8443;

    /**
     * Builds the Tomcat container factory with a CONFIDENTIAL constraint on all paths and
     * registers the additional plain-HTTP connector.
     *
     * @return the customised embedded Tomcat factory
     */
    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // "/*" covers every path, so no resource is left outside the constraint.
                SecurityCollection everyPath = new SecurityCollection();
                everyPath.addPattern("/*");

                // CONFIDENTIAL is the servlet transport guarantee that demands TLS.
                SecurityConstraint confidentialOnly = new SecurityConstraint();
                confidentialOnly.setUserConstraint("CONFIDENTIAL");
                confidentialOnly.addCollection(everyPath);

                context.addConstraint(confidentialOnly);
            }
        };
        factory.addAdditionalTomcatConnectors(getHttpConnector());
        return factory;
    }

    /**
     * Creates the non-secure HTTP connector whose redirect port is the HTTPS port.
     *
     * @return a connector listening on {@link #HTTP_PORT}
     */
    private Connector getHttpConnector() {
        Connector httpConnector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        httpConnector.setPort(HTTP_PORT);
        httpConnector.setRedirectPort(HTTPS_PORT);
        httpConnector.setScheme("http");
        // Marked non-secure on purpose: this connector carries cleartext traffic.
        httpConnector.setSecure(false);
        return httpConnector;
    }
}
// Updated file - spring boot 2.0.x
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
 * Spring Boot 2.0.x variant of the HTTPS-enforcing Tomcat configuration.
 *
 * <p>Every path is placed under a CONFIDENTIAL transport constraint, and an extra plain-HTTP
 * connector on port 8080 is registered with 8443 as its redirect port.
 *
 * <p>Review points: the redirect port is hard-coded and must stay equal to the HTTPS port the
 * server is configured with ({@code server.port=8443} in the accompanying properties). The
 * initial request on port 8080 is still sent in cleartext, so anything attached to it (for
 * example a cookie without the {@code Secure} flag) is exposed before the redirect.
 */
@Configuration
public class ConnectorConfig {

    /**
     * Registers the customised Tomcat web server factory.
     *
     * @return a Tomcat factory with the all-paths TLS constraint and the redirecting connector
     */
    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory webServerFactory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                context.addConstraint(confidentialTransportForAllPaths());
            }
        };
        webServerFactory.addAdditionalTomcatConnectors(redirectConnector());
        return webServerFactory;
    }

    /**
     * Builds the security constraint applied to the web application context.
     *
     * @return a constraint with user constraint CONFIDENTIAL covering the pattern {@code /*}
     */
    private static SecurityConstraint confidentialTransportForAllPaths() {
        SecurityCollection allPaths = new SecurityCollection();
        allPaths.addPattern("/*");

        SecurityConstraint constraint = new SecurityConstraint();
        constraint.setUserConstraint("CONFIDENTIAL");
        constraint.addCollection(allPaths);
        return constraint;
    }

    /**
     * Creates the plain-HTTP connector on port 8080 that names 8443 as its redirect port.
     *
     * @return the non-secure HTTP connector
     */
    private Connector redirectConnector() {
        Connector plainHttp = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        plainHttp.setPort(8080);
        plainHttp.setRedirectPort(8443);
        plainHttp.setScheme("http");
        // Deliberately flagged as non-secure; this listener only serves cleartext HTTP.
        plainHttp.setSecure(false);
        return plainHttp;
    }
}
One more thing changed in Spring Boot 2 and no longer works after the upgrade:
security.require-ssl=true
is now deprecated, and it looks like there is no obvious replacement.
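Use this instead (note that it enables TLS on the embedded server rather than telling Spring Security to reject or redirect plain-HTTP requests):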
server.ssl.enabled=true
@stefantwog if you are wondering where did EmbeddedServletContainerFactory and TomcatEmbeddedServletContainerFactory classes go in the latest version of Spring boot (> 2.0.x), these have been renamed to ServletWebServerFactory and TomcatServletWebServerFactory respectively. Refer to the following link: spring-projects/spring-boot@67556ba