Author: Global TechHub
Introduction
In this article, I explain how to develop a Spring Boot application and configure the web application to run on SSL (HTTPS) with a self-signed certificate. I also explain how to create and import the SSL certificate.
Overview
Before moving further, let's understand what specific terms such as SSL and TLS mean.
SSL – stands for Secure Sockets Layer. It is the industry standard protocol for keeping an internet connection secure by safeguarding all sensitive data that is sent between two systems, preventing hackers from reading and modifying any information transferred.
TLS – (Transport Layer Security) is an updated, more secure version of SSL. It adds more features. Today, certificates provided by certificate authorities are based on TLS only. But for secured communication over a network, the term SSL is still common, as it is the older name and the one that became popular in the community.
HTTPS – (Hyper Text Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. It is the secured version of the HTTP protocol.
Truststore and Keystore – Both are used to store SSL certificates in Java, but there is a small difference between them: a truststore is used to store public certificates, while a keystore is used to store the private certificates of the client or server.
Create your self-signed SSL certificate
To get an SSL digital certificate for our application we have two options –
1. create a self-signed certificate
2. obtain an SSL certificate from a certification authority (CA); we call this a CA certificate.
In this article I explain how to create a self-signed certificate with the Java keytool command. We need to run the keytool -genkey command from the command prompt.
Here is the exact command we will use –
keytool -genkey -alias selfsigned_localhost_sslserver -keyalg RSA -keysize 2048 -validity 700 -keypass changeit -storepass changeit -keystore ssl-server.jks
Let's understand the above command –
- -genkey – is the keytool command to generate the certificate; keytool is a multipurpose and robust tool which has several options
- -alias selfsigned_localhost_sslserver – indicates the alias of the certificate, which is used by the SSL/TLS layer
- -keyalg RSA -keysize 2048 -validity 700 – are self-descriptive parameters indicating the crypto algorithm, key size and certificate validity
- -keypass changeit -storepass changeit – are the passwords of our truststore and keystore
- -keystore ssl-server.jks – is the actual keystore where the certificate and public/private key will be stored. Here we are using the JKS format (Java Key Store); there are other keystore formats as well.
Once we execute the above command, it will ask for certain information, and finally it will look like this.
That's all we need at this point regarding certificate generation. This will generate the ssl-server.jks keystore file, containing our self-signed certificate, in the directory from which the keytool command was executed.
To view what is inside this keystore we can use the keytool -list command as below.
keytool -list -keystore ssl-server.jks
Output will be something like –
Create Spring-boot project and configure SSL
Create spring boot project
Create a Spring Boot project using Eclipse.
File → New → Spring Starter Project.
Enter the name as 'SpringBoot-SSLSample' and the group as 'com.eai.integration', and click on Next.
Select Web, Rest Repositories and DevTools as dependencies and select 2.0.1 as the Spring Boot version. Then click on Finish.
Add REST endpoint
We will use one simple REST endpoint. Create a WebController class and add the following code as shown below. This will expose one REST endpoint with the relative URL /secured in the server.
package com.eai.integration.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Exposes a single REST endpoint used to verify the HTTPS setup.
 *
 * @author AKSHAJ
 */
@RestController
public class WebController {

    // Responds on /secured with a fixed greeting
    @RequestMapping("/secured")
    public String sayHello() {
        return "Hello SSL Spring Boot";
    }
}
That's all we need to add web content to our application. You can add more, such as pages and images, to create a fully functional web application.
Spring boot SSL Configuration
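First we need to copy the generated keystore file (ssl-server.jks) into the resources folder.
Then open application.properties and add the entries below.
# HTTPS port
server.port=8443
# alias and key password given to keytool (-alias, -keypass)
server.ssl.key-alias=selfsigned_localhost_sslserver
server.ssl.key-password=changeit
# keystore copied into src/main/resources
server.ssl.key-store=classpath:ssl-server.jks
# password of the keystore itself (the -storepass value used above)
server.ssl.key-store-password=changeit
server.ssl.key-store-provider=SUN
server.ssl.key-store-type=JKS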
That’s all we need to enable https.
Test the Application
Now it is time to do a final Maven build with the command mvn clean install and start the application with the command java -jar target\ssl-server-0.0.1-SNAPSHOT.jar. This will start our secured application on localhost port 8443, and our endpoint URL will be https://localhost:8443/secured.
Since our REST endpoint is exposed over GET, we can test it with just a browser. Go to https://localhost:8443/secured and you will get a browser warning saying that the certificate is not issued by a trusted certificate authority. Add an exception for it in the browser and you will get the response from the HTTPS server you just created.
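The keystore/truststore split from the overview, applied to this tutorial's certificate so that a Java client can trust exactly this certificate instead of relying on an exception. This is an added example, not code from the original article; the -dname and SAN values, the file names ssl-server.crt and client-truststore.jks, and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the article): keystore vs. truststore for the
# tutorial's self-signed certificate. The -dname/-ext values, the files
# ssl-server.crt and client-truststore.jks, and function names are assumptions.
set -eu

ALIAS=selfsigned_localhost_sslserver
STOREPASS=changeit   # tutorial value, used here as a constructed demo secret

# Server side: the tutorial's key pair, generated without interactive prompts.
# -genkeypair is the current name of -genkey; the SAN lets clients match "localhost".
make_keystore() {    # $1 = working directory
  keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 700 \
    -dname "CN=localhost" -ext "SAN=dns:localhost,ip:127.0.0.1" \
    -storetype JKS -keystore "$1/ssl-server.jks" \
    -storepass "$STOREPASS" -keypass "$STOREPASS" >/dev/null 2>&1
}

# Client side: export only the public certificate and import it into a
# separate truststore, so the private key never leaves ssl-server.jks.
make_truststore() {  # $1 = working directory
  keytool -exportcert -rfc -alias "$ALIAS" -keystore "$1/ssl-server.jks" \
    -storepass "$STOREPASS" -file "$1/ssl-server.crt" >/dev/null 2>&1
  keytool -importcert -noprompt -alias "$ALIAS" -file "$1/ssl-server.crt" \
    -storetype JKS -keystore "$1/client-truststore.jks" \
    -storepass "$STOREPASS" >/dev/null 2>&1
}

# Entry type keytool reports for the alias (PrivateKeyEntry or trustedCertEntry).
entry_type() {       # $1 = store file
  keytool -list -alias "$ALIAS" -keystore "$1" -storepass "$STOREPASS" 2>/dev/null |
    grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# Certificate fingerprint of the alias, to confirm both stores hold the same cert.
fingerprint() {      # $1 = store file
  keytool -list -alias "$ALIAS" -keystore "$1" -storepass "$STOREPASS" 2>/dev/null |
    grep -oE '([0-9A-F]{2}:){15,}[0-9A-F]{2}' | head -n 1
}

# Run with "demo" as the first argument to build both stores in a temp directory.
if [ "${1:-}" = "demo" ]; then
  dir=$(mktemp -d); make_keystore "$dir"; make_truststore "$dir"
  echo "keystore:   $(entry_type "$dir/ssl-server.jks")"
  echo "truststore: $(entry_type "$dir/client-truststore.jks")"
  echo "same cert:  $(fingerprint "$dir/client-truststore.jks")"
fi
```

A Java client can then be started with -Djavax.net.ssl.trustStore=client-truststore.jks -Djavax.net.ssl.trustStorePassword=changeit, and it will accept only servers presenting this certificate or one issued by the JVM-independent entries in that file.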
Redirect HTTP requests to HTTPS
This is an optional step in case you want to redirect your HTTP traffic to HTTPS, so that the full site becomes secured. To do that in Spring Boot, we need to add an HTTP connector on port 8080 and then set its redirect port to 8443, so that any request arriving on 8080 over HTTP is automatically redirected to 8443 and HTTPS.
To do that you just need to add the configuration below.
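// Illustrative package and class name; place the class under the application's base package.
package com.eai.integration.config;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Spring Boot 2.x (2.0.1 is used here) names these classes ServletWebServerFactory and
// TomcatServletWebServerFactory; in 1.x they were EmbeddedServletContainerFactory and
// TomcatEmbeddedServletContainerFactory.
@Configuration
public class HttpsRedirectConfig {

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Require a confidential (HTTPS) transport for every URL
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(redirectConnector());
        return tomcat;
    }

    // Plain HTTP connector on 8080 whose requests are redirected to 8443
    private Connector redirectConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);
        connector.setSecure(false);
        connector.setRedirectPort(8443);
        return connector;
    }
}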
Do a final Maven build with the command mvn clean install and start the application. Test http://localhost:8080/secured. It will be automatically redirected to the HTTPS secured URL.
Conclusion
We learned how to enable HTTPS in a Spring Boot application, and we have also seen how to redirect HTTP traffic to HTTPS. We also learned how to create a self-signed SSL certificate. We will see more articles on Spring Boot soon.