【问题标题】:SSL Configuration for spring in External tomcat外部tomcat中spring的SSL配置
【发布时间】:2021-02-22 07:35:57
【问题描述】:

我是春天的新手。我想为 Spring 应用程序配置 ssl 证书。目前我正在使用外部 tomcat9 并配置了它的 8443 端口(工作正常):

tomcat的server.xml:

<Connector port="8443"
       protocol="org.apache.coyote.http11.Http11NioProtocol"
       maxThreads="150"
       SSLEnabled="true"
       scheme="https"
       secure="true" >
<SSLHostConfig>
    <Certificate certificateKeystoreFile="G:\apache-tomcat-9.0.39\conf\myexistingkey.jks"
                 certificateKeystorePassword="password"
                 certificateKeyAlias="tomcat"
                 type="RSA" />
</SSLHostConfig>

在应用中:

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <absolute-ordering />

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>securedapp</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
</web-app>

并使用 Spring Security 设置基本身份验证,例如: MyBasicAuthEntryPoint:

public class MyBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {

    @Override
    public void commence(final HttpServletRequest request,
                         final HttpServletResponse response,
                         final AuthenticationException authException) throws IOException {
        //Authentication failed, send error response.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.addHeader("WWW-Authenticate", "Basic realm=" + getRealmName() + "");

        PrintWriter writer = response.getWriter();
        writer.println("HTTP Status 401 : " + authException.getMessage());
    }

    @Override
    public void afterPropertiesSet()  {
        setRealmName("MY_TEST_REALM");
        super.afterPropertiesSet();
    }
 }

和 BasicAuthService:

@Configuration
@EnableWebSecurity
public class BasicAuthenticationService extends WebSecurityConfigurerAdapter {

    private static String REALM = "MY_TEST_REALM";

    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("admin").password(passwordEncoder().encode("admin")).roles("USER");
          System.out.println("configureGlobalSecurity");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("configure");
        MyBasicAuthenticationEntryPoint authenticationEntryPoint;

        authenticationEntryPoint = new MyBasicAuthenticationEntryPoint();
        http.csrf().disable()
                .authorizeRequests().anyRequest().authenticated().
                and().
                httpBasic()
                .authenticationEntryPoint(authenticationEntryPoint);

        http.addFilterAfter(new CustomFilter(),
                BasicAuthenticationFilter.class);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        System.out.println("passwordEncoder");
        return new BCryptPasswordEncoder();
    }


    class CustomFilter implements Filter {
        @Override
        public void init(FilterConfig filterConfig) throws ServletException {

        }

        @Override
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            filterChain.doFilter(servletRequest, servletResponse);
        }

        @Override
        public void destroy() {

        }
    }

但是当我尝试访问其中一个 api 时,我得到 404。出于测试目的,添加了 index.jsp 和一些示例内容。部署后运行良好。

那么在spring 中启用SSL 需要在配置中进行哪些更改。我不能在 spring 配置中提及 keystore 路径,因为我已经在 tomcat 中配置了它。我也在使用 Jersey 进行 api 请求。

【问题讨论】:

    标签: java spring spring-boot ssl tomcat9


    【解决方案1】:

    我正在使用 Spring Boot 2 和在 Ubuntu 18.04 上运行的外部 tomcat 9

    获取 SSL 证书,我使用带有密码的 keytool 创建了一个自签名证书。 https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html

    将 p12 文件存储在您的 apache 服务器上。我把它存储在 /opt/tomcat 中

    编辑您的 apache server.xml 文件以获得类似的内容。

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" 
          maxThreads="150" scheme="https" secure="true"
          keystoreFile="/opt/tomcat/keystore.p12" keystorePass="password" 
          clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1"/>
    

    重启Tomcat

    完成!

    一旦你知道了步骤是非常快的!只是不要忘记任何事情。

    【讨论】:

      猜你喜欢
      • 2011-08-27
      • 2016-09-02
      • 2017-11-24
      • 2012-07-13
      • 2012-04-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2019-08-01
      相关资源
      最近更新 更多