Java: Client Certificate Authentication with Spring Boot

Note: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you reuse it you must follow the same CC BY-SA license, cite the original URL and author, and attribute it to the original authors (not me): StackOverflow original: http://stackoverflow.com/questions/51177317/

Date: 2020-08-10 23:59:19  Source: igfitidea

Client Certificate Authentication with Spring Boot

Tags: java, spring, spring-boot, ssl, truststore

Asked by simbro

I need to import a certificate in order to make a http request to an external service in a Spring Boot application.


How do I set up Spring Boot in order to do this?


There's a lot of information out there but I'm finding it all a bit confusing. It seems as though I may just need to create something like a "truststore.jks" keystore and import the correct certificate, and add some entries to my application.properties.

Accepted answer by ISlimani

Start by generating a self-signed certificate using keytool if you don't already have one

Open your terminal or cmd


keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore keystore.p12 -validity 3650

Answer all the questions. In the first question: what's your first name and last name put localhost.

If you already have a certificate yourcertificate.crt do this

keytool -import -alias tomcat -file yourcertificate.crt -keystore keystore.p12 -storepass password

You will get a file called keystore.p12.


Copy this file to your resources folder


Add the following lines to your properties file

# Define a custom port instead of the default 8080
server.port=8443

# Tell Spring Security (if used) to require requests over HTTPS
security.require-ssl=true

# The format used for the keystore
server.ssl.key-store-type=PKCS12
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:keystore.p12
# The password used to generate the certificate
server.ssl.key-store-password={your password here}
# The alias mapped to the certificate
server.ssl.key-alias=tomcat

Create a Config class as follows

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ConnectorConfig {

    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Require a confidential (TLS) transport for every URL pattern,
                // so plain-HTTP requests are redirected instead of served
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        // Keep a plain-HTTP connector on 8080 whose only job is to redirect to 8443
        tomcat.addAdditionalTomcatConnectors(getHttpConnector());
        return tomcat;
    }

    private Connector getHttpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);
        connector.setSecure(false);
        // Requests that hit the CONFIDENTIAL constraint are redirected to this port
        connector.setRedirectPort(8443);
        return connector;
    }
}

Now your application is accessible with https://localhost:8443


Now you can access your third service that asks you for SSL authentication
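The outbound side the question asks about (trusting the external service's certificate and presenting a client certificate to it), as an added example that is not part of the answer above. It uses only the JDK's javax.net.ssl and java.net.http APIs (Java 11+); the file names truststore.p12 and client.p12, the password changeit and the class name MutualTlsClient are assumptions.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class; added example, not code from the answer above.
public final class MutualTlsClient {
    // Loads a PKCS12 store such as the keystore.p12 produced by keytool above.
    private static KeyStore load(Path path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Builds an SSLContext that trusts only the certificates in the truststore
    // and presents the client key/certificate when the server asks for it.
    static SSLContext sslContext(Path trustStore, char[] trustPass,
                                 Path clientStore, char[] clientPass) throws Exception {
        // Truststore: the CA or server certificates imported with "keytool -import".
        // This replaces the JDK default cacerts, so nothing else is trusted.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, trustPass));
        // Keystore: our own private key and certificate for client authentication.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(clientStore, clientPass), clientPass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = sslContext(Path.of("truststore.p12"), "changeit".toCharArray(),
                                    Path.of("client.p12"), "changeit".toCharArray());
        // HttpClient checks the hostname against the name in the server certificate,
        // which is why the answer above puts "localhost" as the name when generating it.
        HttpClient client = HttpClient.newBuilder().sslContext(ctx).build();
        HttpRequest req = HttpRequest.newBuilder(URI.create("https://localhost:8443/")).GET().build();
        HttpResponse<String> resp = client.send(req, HttpResponse.BodyHandlers.ofString());
        System.out.println("HTTP " + resp.statusCode());
    }
}
```

If the external service only needs to be trusted and does not request a client certificate, pass null as the first argument to ctx.init and drop the KeyManagerFactory part.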