I'm not sure what I'm doing wrong in my application. In addition to the HTTPS that is configured through the Spring Boot properties (application.properties), I want to open a second HTTPS port.
Code:
```java
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class HttpConfig {

    @Value("${server.https.port}")
    private int httpsPort;

    @Bean // (it only works for springboot 2.x)
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(createStanderConnecter());
        return tomcat;
    }

    private Connector createStanderConnecter() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
        connector.setScheme("https");
        connector.setSecure(false);
        connector.setPort(httpsPort);
        protocol.setSSLEnabled(false);
        return connector;
    }
}
```
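When I now try to access the application in the browser through this additional port (e.g. 443), for example
https://localhost:443/xyz
I get the following error message:
Invalid character found in method name ... HTTP method names must be tokens
As I understand it, this is because the browser now encrypts the request, but it cannot be decrypted. Is that correct? Is there a way I can decrypt the request? I know I could change it to HTTP, but I would like to avoid that.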
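Setting only the scheme to https is not enough. You need to enable SSL with protocol.setSSLEnabled(true); and configure the Keystore, and set the Keystore properties.
Simply put, you can't use https without SSL.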
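The Tomcat documentation says:
SSLEnabled: Use this attribute to enable SSL traffic on a connector. To turn on SSL handshake/encryption/decryption on a connector set this value to true. The default value is false. When turning this value true you will want to set the scheme and the secure attributes as well to pass the correct request.getScheme() and request.isSecure() values to the servlets. See SSL Support for more information.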
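The change the answer describes, written out as an added example that is not part of the original post: the second connector with SSL enabled and a keystore attached through Tomcat's SSLHostConfig API. The class name and the property names server.https.key-store and server.https.key-store-password are assumptions, as is the PKCS12 keystore type.

```java
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class SecondHttpsPortConfig { // hypothetical class name
    @Value("${server.https.port}")
    private int httpsPort;
    // Assumed property names, not taken from the original post.
    @Value("${server.https.key-store}")
    private String keyStoreFile; // absolute path to a PKCS12 keystore
    @Value("${server.https.key-store-password}")
    private String keyStorePassword;

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        tomcat.addAdditionalTomcatConnectors(createTlsConnector());
        return tomcat;
    }

    private Connector createTlsConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
        connector.setPort(httpsPort);
        // scheme/secure only control what request.getScheme()/isSecure() report.
        connector.setScheme("https");
        connector.setSecure(true);
        // This is what makes the connector perform the TLS handshake.
        protocol.setSSLEnabled(true);

        SSLHostConfig sslHostConfig = new SSLHostConfig();
        sslHostConfig.setProtocols("TLSv1.2,TLSv1.3"); // refuse older protocol versions
        SSLHostConfigCertificate cert = new SSLHostConfigCertificate(
                sslHostConfig, SSLHostConfigCertificate.Type.UNDEFINED);
        cert.setCertificateKeystoreFile(keyStoreFile);
        cert.setCertificateKeystorePassword(keyStorePassword);
        cert.setCertificateKeystoreType("PKCS12");
        sslHostConfig.addCertificate(cert);
        connector.addSslHostConfig(sslHostConfig);
        return connector;
    }
}
```

With SSLEnabled left at false, the connector parses the browser's TLS ClientHello bytes as a plaintext HTTP request line, which is what produces the "Invalid character found in method name" error.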