Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to add HTTPS support for Web". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to add HTTPS support for Web".

What is https?

To talk about https, we have to first say SSL (Secure Sockets Layer), which is a security protocol that provides security and data integrity for network communications. SSL encrypts network connections at the network transport layer. SSL protocol can be divided into two layers: SSL recording protocol (SSL Record Protocol), which is based on reliable transmission protocols such as TCP, and provides basic functions such as data encapsulation, compression and encryption for high-level protocols; SSL handshake protocol (SSL Handshake Protocol), which is based on SSL recording protocol, is used to authenticate, negotiate encryption algorithms, exchange encryption keys and so on before the actual data transmission begins. In Web development, we implement SSL through HTTPS. HTTPS is a HTTP channel aimed at security. To put it simply, it is the secure version of HTTP, that is, adding a SSL layer under HTTP, so the security foundation of HTTPS is SSL. However, there is one place we need to pay attention to, that is, we now use the TLS protocol (Transport Layer Security, which comes from SSL) rather than SSL, but because SSL appeared earlier and is supported by major browsers, it has become synonymous with HTTPS. You can think of the relationship between HTTPS and SSL as the relationship between iPhone and Futukang. That's about it.

Certificate generation

Using SSL requires our husband to become a certificate. This certificate can be generated by ourselves or obtained from SSL Certificate Authorization Center. The certificate generated by ourselves is not recognized by the client, and what is obtained from the authorization center can be recognized by the client. There are many service providers that provide SSL authorization certificate. Friends who are interested can find it on their own. Let me take the certificate generated by myself as an example.

The generation method is also very simple, using the command keytool that comes with java directly. The generation command is as follows:

Keytool-genkey-alias tomcat-storetype PKCS12-keyalg RSA-keysize 2048-keystore keystore.p12-validity 3650

Here is the meaning of several parameters. Let me briefly say:

1.-storetype specifies the KeyStore type

The algorithm name of the 2.-keyalg health certificate. RSA is an asymmetric encryption algorithm.

3.-keysize certificate size

The storage path of the certificate file generated by 4.-keystore

Validity period of 5.-validity certificate

OK, after the execution of the above command, a keystore.p12 file will be generated under the current user directory of your system (if you modify the name of the certificate file that is the name you modified), copy this file to the root directory of our project, and then modify the application.properties file to add HTTPS support. Add the following code to application.properties:

Server.ssl.key-store=keystore.p12server.ssl.key-store-password=111111server.ssl.keyStoreType=PKCS12server.ssl.keyAlias:tomcat

The first line specifies the signature file, the second line specifies the signature password, the third line specifies the key store type, and the fourth line is the alias. OK, so that after the configuration is complete, we can access our Web through HTTPS. The access result is as follows:

Of course, here I changed the default port to 8443 in the CustomServletContainer class

HTTP automatically turns to HTTPS

HTTPS is certainly not enough. Many users may not know that users may continue to use HTTP to visit your website. At this time, we need to add the function that HTTP automatically turns to HTTPS, which automatically changes to HTTPS when users use HTTP for access. This configuration is very simple, just add the corresponding redirection Bean in the entry class, as follows:

@ Bean public EmbeddedServletContainerFactory servletContainer () {TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory () {@ Override protected void postProcessContext (Context context) {SecurityConstraint constraint = new SecurityConstraint (); constraint.setUserConstraint ("CONFIDENTIAL"); SecurityCollection collection = new SecurityCollection (); collection.addPattern ("/ *"); constraint.addCollection (collection) Context.addConstraint (constraint);}}; tomcat.addAdditionalTomcatConnectors (httpConnector ()); return tomcat;} @ Bean public Connector httpConnector () {Connector connector = new Connector ("org.apache.coyote.http11.Http11NioProtocol"); connector.setScheme ("http"); / / Port number connector.setPort (8080) of the http that Connector listens to Connector.setSecure (false); / / https port number connector.setRedirectPort (8443) to which the https port number is monitored after listening to the https port number; return connector;}

At this time, when we access http://localhost:8080, the system will automatically redirect to the address of https://localhost:8443. The Connector here is actually the Connector node of Tomcat that we configured in xml when we first came into contact with jsp.

Thank you for your reading, the above is the content of "how to add HTTPS support for Web". After the study of this article, I believe you have a deeper understanding of how to add HTTPS support for Web, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.