1. Overview

In this article, we will see a Spring Boot SSL configuration example with embedded Tomcat. HTTPS is preferable when the application transfers important data over the network, such as payment information, credit card information, or any other sensitive information.

Here are the prerequisites for installing the certificate:

  1. A keystore.jks file that contains the SSL certificate. We need to purchase the SSL certificate from an SSL certificate authority, or for testing and development purposes we can generate a self-signed certificate. Here is the command to generate a self-signed certificate in Java:
    keytool -genkey -alias javadeveloperzone.com -keyalg RSA -keystore keystore.jks -keysize 2048

    It will ask for the first name, last name and organisation details. It will also ask for two passwords, the key store password and the key password; remember those passwords, as they are used later.

Steps to Configure SSL Certificate

Step 1: Put the keystore.jks file inside the resources folder at the root level

Step 2: Add the following properties to the application.properties file

For server.ssl.key-store and server.ssl.key-password, use the values that were entered when creating the .jks file.

server.port=8443
server.ssl.key-store=classpath:keystore.jks
server.ssl.key-password=your-password

2. Example:

Spring boot SSL/HTTPS configuration example

2.1 pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>spring-boot-example</groupId>
    <artifactId>spring-boot-example</artifactId>
    <version>1.0-SNAPSHOT</version>
    <description>Spring boot SSL configuration example</description>
    <packaging>jar</packaging>
    <!-- Inherit defaults from Spring Boot -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.5.4.RELEASE</version>
    </parent>
    <properties>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
    </properties>
    <dependencies>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
    </dependencies>

    <!-- Package as an executable jar -->
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>

2.2 application.properties

The SSL port is 8443. Here we have specified the keystore file and the key password. The server.ssl.enabled property is used to enable or disable SSL/HTTPS. Other SSL properties are also available.

server.port=8443
server.ssl.key-store=classpath:keystore.jks
server.ssl.key-password=javadeveloperzone

2.3 SpringBootConfig

package com.javadeveloperzone;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;

/**
 * Created by JavaDeveloperZone on 19-07-2017.
 */

@SpringBootApplication
@ComponentScan  // Using a root package also allows the @ComponentScan annotation to be used without needing to specify a basePackage attribute
public class SpringBootConfig {
    public static void main(String[] args) throws Exception {
        SpringApplication.run(SpringBootConfig.class, args);            // starts the application
    }
}

To redirect HTTP to HTTPS (Optional)

To redirect HTTP to HTTPS, create the following bean in the Spring Boot application. This step is optional.

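    // Place these methods in a @Configuration class such as SpringBootConfig.
    // Required imports:
    //   org.apache.catalina.Context
    //   org.apache.catalina.connector.Connector
    //   org.apache.tomcat.util.descriptor.web.SecurityCollection
    //   org.apache.tomcat.util.descriptor.web.SecurityConstraint
    //   org.springframework.boot.context.embedded.EmbeddedServletContainerFactory
    //   org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory
    //   org.springframework.context.annotation.Bean
    @Bean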
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };

        tomcat.addAdditionalTomcatConnectors(redirectConnector());
        return tomcat;
    }

    private Connector redirectConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);    // requests arriving on 8080 are redirected to 8443
        connector.setSecure(false);
        connector.setRedirectPort(8443);   // the application itself runs on 8443
        return connector;
    }

2.4 DemoController

package com.javadeveloperzone.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Created by JavaDeveloperZone on 01-04-2018.
 */
@RestController
public class DemoController {

    @RequestMapping(value = "/hello")
    public String hello() {
        return "This is secure call";
    }
}

2.5 Build and Run an application

mvn spring-boot:run

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v1.5.4.RELEASE)

2018-04-01 16:05:52.171  INFO 118324 --- [           main] com.javadeveloperzone.SpringBootConfig   : Starting SpringBootConfig on Mahesh with PID 118324 (F:\extrawork\spring-boot\spring-boot-https-example\target\classes started by Lenovo in F:\extrawork\spring-boot\spring-boot-https-example)
2018-04-01 16:05:52.176  INFO 118324 --- [           main] com.javadeveloperzone.SpringBootConfig   : No active profile set, falling back to default profiles: default
2018-04-01 16:06:02.902  INFO 118324 --- [           main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8443 (https)
2018-04-01 16:06:02.928  INFO 118324 --- [           main] com.javadeveloperzone.SpringBootConfig   : Started SpringBootConfig in 11.829 seconds (JVM running for 16.891)

NOTE: The application runs on port 8443 on the local machine, but when accessing it using https://localhost:8443 the browser may show an error like "The certificate is not valid for the name localhost", because the certificate was generated for the javadeveloperzone.com host. To check in the development environment, we can change the hosts file (on Windows, c:\Windows\System32\Drivers\etc\hosts) and add an entry like:

127.0.0.1 javadeveloperzone.com

 

2.6 Output:

While trying to access the application at https://javadeveloperzone.com:8443/hello, a browser like Chrome may show the following warning because we are using a self-signed certificate. With a certificate from a valid authority this warning is not shown. To move ahead, click Proceed to javadeveloperzone.com (unsafe).

Spring boot SSL configuration example -output

After clicking Proceed to javadeveloperzone.com (unsafe), it will display the expected output. HTTPS is displayed in red because we are using a self-signed certificate. A self-signed certificate is not preferable for production.

Spring boot SSL configuration example -output 2

Let’s check the SSL certificate

Spring boot SSL configuration example - View SSL Certificate
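
The host name mismatch from the note in section 2.5 and the self-signed warning from section 2.6 can also be checked against the keystore itself before the server starts. The following is an added example, not code from the original article; the class name KeystoreCheck, the argument order and the KEYSTORE_PASSWORD environment variable are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;

// Added example. Assumed usage:
//   KEYSTORE_PASSWORD=... java KeystoreCheck keystore.jks javadeveloperzone.com
public class KeystoreCheck {

    public static void main(String[] args) throws Exception {
        String storePass = System.getenv("KEYSTORE_PASSWORD"); // kept out of argv and source
        if (args.length != 2 || storePass == null) {
            throw new IllegalArgumentException("usage: KeystoreCheck <keystore.jks> <host>, with KEYSTORE_PASSWORD set");
        }
        String host = args[1];
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass.toCharArray()); // throws if the store password is wrong
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // only entries with a private key can serve TLS
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            System.out.println(alias + " : " + cert.getSubjectX500Principal().getName());
            System.out.println("  not after   : " + cert.getNotAfter()
                    + (cert.getNotAfter().before(new Date()) ? "  (EXPIRED)" : ""));
            System.out.println("  self-signed : " + isSelfSigned(cert));
            System.out.println("  SAN matches " + host + " : " + sanMatches(cert, host));
        }
    }

    // Self-signed: subject equals issuer and the signature verifies under the cert's own key.
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) return false;
        try { cert.verify(cert.getPublicKey()); return true; } catch (Exception e) { return false; }
    }

    // Exact, case-insensitive match against dNSName entries (SAN type 2); wildcards are not handled.
    static boolean sanMatches(X509Certificate cert, String host) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return false; // no SAN extension: current browsers do not fall back to the CN
        for (List<?> san : sans) {
            if (Integer.valueOf(2).equals(san.get(0)) && host.equalsIgnoreCase((String) san.get(1))) return true;
        }
        return false;
    }
}
```

If the SAN check reports false, regenerating the development certificate with keytool's `-ext san=dns:<host>` option adds the name to the certificate.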

3. Conclusion

In this article, we learned how to configure SSL/HTTPS in a Spring Boot application with a self-signed certificate. A self-signed certificate can be used for development purposes only; we need to purchase an SSL certificate from a valid authority. We can enable or disable the SSL configuration using the property server.ssl.enabled.
