增加ssl

2019-08-04 00:58:53 +08:00
parent 63e20b12ca
commit 49cfb119c4
3 changed files with 50 additions and 0 deletions
--- a/src/main/java/com/jsh/erp/config/SSLConfig.java
+++ b/src/main/java/com/jsh/erp/config/SSLConfig.java
@@ -0,0 +1,43 @@
+package com.jsh.erp.config;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.connector.Connector;
+import org.apache.tomcat.util.descriptor.web.SecurityCollection;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@ConditionalOnExpression(value = "${server.ssl.enable:true}")
+@Configuration
+public class SSLConfig {
+
+    @Bean
+    public Connector connector(){
+        Connector connector=new Connector("org.apache.coyote.http11.Http11NioProtocol");
+        connector.setScheme("http");
+        connector.setPort(80);
+        connector.setSecure(false);
+        connector.setRedirectPort(443);
+        return connector;
+    }
+
+    @Bean
+    public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector){
+        TomcatServletWebServerFactory tomcat=new TomcatServletWebServerFactory(){
+            @Override
+            protected void postProcessContext(Context context) {
+                SecurityConstraint securityConstraint=new SecurityConstraint();
+                securityConstraint.setUserConstraint("CONFIDENTIAL");
+                SecurityCollection collection=new SecurityCollection();
+                collection.addPattern("/*");
+                securityConstraint.addCollection(collection);
+                context.addConstraint(securityConstraint);
+            }
+        };
+        tomcat.addAdditionalTomcatConnectors(connector);
+        return tomcat;
+    }
+
+}
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,4 +1,11 @@
 server.port=8080
+#server.port=443
+#server.ssl.key-store=classpath:jishenghua.jks
+#server.ssl.key-alias=alias
+#server.ssl.key-store-password=password
+#server.ssl.key-store-type=JKS
+#ssl的开关
+server.ssl.enable=false
 #登录超时-秒
 server.servlet.session.timeout=36000
 #数据库连接
--- a/src/main/resources/jishenghua.jks
+++ b/src/main/resources/jishenghua.jks