SpringBoot使用jetty和tomcat还有undertow以及ssl配置支持https请求

一般使用SpringBoot开发应用程序都是使用的tomcat 稍微注意点性能就使用undertow，配置支持https请求常用nginx来做代理，直接用SpringBoot配置还是很少的，八成用不到，就怕需要用到的时候又不能及时弄出来，于是记录一下。

使用的SpringBoot版本

<parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.0.5.RELEASE</version><relativePath/> <!-- lookup parent from repository -->
</parent>

直接使用tomcat的话默认就好

<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- spring-boot-starter-web 包含了这个的-->
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-tomcat</artifactId>
</dependency>

使用jetty

<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId><exclusions><exclusion><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-tomcat</artifactId></exclusion></exclusions>
</dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-jetty</artifactId>
</dependency>

使用undertow

<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId><exclusions><exclusion><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-tomcat</artifactId></exclusion></exclusions>
</dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-undertow</artifactId>
</dependency>

在常用的端口这种配置是一样的，根据各自的不同也有不同的配置，比如吞吐量等，直接不配置使用默认配置就好，需要调优再根据具体的需求来选择。

server.port=8080

https请求配置

application.properties配置三者一样端口443 ssl证书参考阿里的证书

server.port=443
server.ssl.key-store=classpath:12345678_develop.mayiwu-example.com.pfx
server.ssl.key-store-password=12345678

myw
也还有其他的一些配置

tomcat

方式一不推荐SslConfig.java

package boot.example.ssl.config;import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;@Configuration
public class SslConfig {/*** 	http 转 https* 	据说有坑，用这种方式将http重定向到https post方式会丢失请求参数，应该是导入的包出错的原因导致的，目前没有遇到,也没有详细测试*/@Beanpublic Connector connector() {Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");connector.setScheme("http");// 监听的http端口connector.setPort(80);connector.setSecure(false);// 监听到http端口后跳转的https端口connector.setRedirectPort(443);return connector;}/*** 	拦截所有的请求*/@Beanpublic TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) {TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {@Overrideprotected void postProcessContext(Context context) {SecurityConstraint securityConstraint = new SecurityConstraint();securityConstraint.setUserConstraint("CONFIDENTIAL");SecurityCollection collection = new SecurityCollection();collection.addPattern("/*");securityConstraint.addCollection(collection);context.addConstraint(securityConstraint);}};//TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();tomcat.addAdditionalTomcatConnectors(connector);return tomcat;}}

方式二

package boot.example.ssl.config;import org.apache.catalina.connector.Connector;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;/*** * 建议使用这种方式**/
@Configuration
public class Ssl2Config {@Beanpublic ServletWebServerFactory servletContainer() {TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();tomcat.addAdditionalTomcatConnectors(createStandardConnector()); // 添加httpreturn tomcat;}// 配置http  只需要设置port不设置重定向，那么http https都可以访问private Connector createStandardConnector() {Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");connector.setPort(80);return connector;}}

jetty

HttpToHttpsJettyConfig.java

package boot.example.ssl.config;import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.webapp.AbstractConfiguration;
import org.eclipse.jetty.webapp.WebAppContext;public class HttpToHttpsJettyConfig extends AbstractConfiguration {@Overridepublic void configure(WebAppContext context) throws Exception {Constraint constraint = new Constraint();constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);ConstraintMapping mapping = new ConstraintMapping();mapping.setPathSpec("/*");mapping.setConstraint(constraint);ConstraintSecurityHandler handler = new ConstraintSecurityHandler();handler.addConstraintMapping(mapping);context.setSecurityHandler(handler);}
}

WebServerFactoryCustomizerConfig.java

package boot.example.ssl.config;import java.util.Collections;import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.ServerConnector;
import org.springframework.boot.web.embedded.jetty.ConfigurableJettyWebServerFactory;
import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Configuration;@Configuration
public class WebServerFactoryCustomizerConfig implements WebServerFactoryCustomizer<ConfigurableJettyWebServerFactory>{@Overridepublic void customize(ConfigurableJettyWebServerFactory factory) {//这段代码将会使得http转https 如果注释掉，那么访问http将会访问80端口，https将会访问443端口，都是默认端口,就不会重定向到443端口((JettyServletWebServerFactory)factory).setConfigurations(Collections.singleton(new HttpToHttpsJettyConfig()));factory.addServerCustomizers(server -> {// https 443端口与配置文件里的端口保持一致HttpConfiguration httpConfiguration = new HttpConfiguration();httpConfiguration.setSecurePort(443);httpConfiguration.setSecureScheme("https");/*** 一下端口配置了http转https都会转到443* */// http 80端口ServerConnector connector = new ServerConnector(server);connector.addConnectionFactory(new HttpConnectionFactory(httpConfiguration));connector.setPort(80);server.addConnector(connector);//若是继续 还可以使用http 其他端口ServerConnector connector2 = new ServerConnector(server);connector2.addConnectionFactory(new HttpConnectionFactory(httpConfiguration));connector2.setPort(8182);server.addConnector(connector2);});}}

undertow

package boot.example.ssl.config;import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;import io.undertow.Undertow;
import io.undertow.UndertowOptions;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.api.TransportGuaranteeType;
import io.undertow.servlet.api.WebResourceCollection;@Configuration
public class SslConfig {/*** 采用Undertow作为服务器。* Undertow是一个用java编写的、灵活的、高性能的Web服务器，提供基于NIO的阻塞和非阻塞API，特点：* 非常轻量级，Undertow核心瓶子在1Mb以下。它在运行时也是轻量级的，有一个简单的嵌入式服务器使用少于4Mb的堆空间。* 支持HTTP升级，允许多个协议通过HTTP端口进行多路复用。* 提供对Web套接字的全面支持，包括JSR-356支持。* 提供对Servlet 3.1的支持，包括对嵌入式servlet的支持。还可以在同一部署中混合Servlet和本机Undertow非阻塞处理程序。* 可以嵌入在应用程序中或独立运行，只需几行代码。* 通过将处理程序链接在一起来配置Undertow服务器。它可以对各种功能进行配置，方便灵活。*/@Beanpublic ServletWebServerFactory undertowFactory() {UndertowServletWebServerFactory undertowFactory = new UndertowServletWebServerFactory();undertowFactory.addBuilderCustomizers((Undertow.Builder builder) -> {builder.addHttpListener(80, "0.0.0.0");// 开启HTTP2builder.setServerOption(UndertowOptions.ENABLE_HTTP2, true);});undertowFactory.addBuilderCustomizers((Undertow.Builder builder) -> {builder.addHttpListener(8088, "0.0.0.0");// 开启HTTP2builder.setServerOption(UndertowOptions.ENABLE_HTTP2, true);});undertowFactory.addDeploymentInfoCustomizers(deploymentInfo -> {// 开启HTTP自动跳转至HTTPS   注释后各自访问各自的deploymentInfo.addSecurityConstraint(new SecurityConstraint().addWebResourceCollection(new WebResourceCollection().addUrlPattern("/*")).setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL).setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT)).setConfidentialPortManager(exchange -> 443);});return undertowFactory;}
}