I would like to run ShoppingCart site on https://host:8443 and if anyone tries to access it from http://host:8080 it should redirect to https://host:8443. Similarly I would like to run Administration site on https://host:9443 and if anyone tries to access it from http://host:9090 it should redirect to https://host:9443.
With SpringBoot it is really very simple. See http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-configure-ssl
You can simply follow this article https://www.drissamri.be/blog/java/enable-https-in-spring-boot/ which describes what exactly we are trying to do. Thanks to Driss Amri. Give credit where credit is due :-)Just for the sake of completion I will mention the steps here.
First we need to generate Self Signed SSL certificate using the following command:
keytool -genkey -alias jcartadmintomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore jcartadminkeystore.p12 -validity 3650
It will ask you a series of questions. I gave jcartadmin as keystore password.
Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: What is the name of your organizational unit? [Unknown]: What is the name of your organization? [Unknown]: What is the name of your City or Locality? [Unknown]: What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit? [Unknown]: Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? [no]: yes
Once the keystore jcartadminkeystore.p12 is generated copy it to jcart-admin/src/main/resources directory.
Now configure HTTPS in the jcart-admin/src/main/resources/application-default.properties as follows:
server.port=9443 server.ssl.key-store=classpath:jcartadminkeystore.p12 server.ssl.key-store-password=jcartadmin server.ssl.keyStoreType=PKCS12 server.ssl.keyAlias=jcartadmintomcat
To redirect from HTTP to HTTPS let us configure TomcatEmbeddedServletContainerFactory bean in our WebConfig.java
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter
{
@Value("${server.port:9443}") private int serverPort;
....
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
return tomcat;
}
private Connector initiateHttpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(9090);
connector.setSecure(false);
connector.setRedirectPort(serverPort);
return connector;
}
}
Now you can start the Admin application and access https://localhost:9443. If you try to access http://localhost:9090 then it should automatically redirect to https://localhost:9443.
We can follow the same approach for generating keystore for ShoppingCart site as well.
No comments:
Post a Comment