桟橋は、私は、この要件にシステムを構成しています+ Spring MVCの+の春のセキュリティ+ HTTPS

Question

を組み込み：

• Spring MVCの
• 突堤9埋め込ま
• 春のセキュリティ春

HTTPS経由でブートは良い出発点かもしれませんが、私たちの古いハードウェアのために動作していません。これらの部分だけでSpringを構成する必要があります。

私はSpring MVCの、突堤や春のセキュリティが強化されたが、HTTP経由で作業コードを持っている：

春のセキュリティ：

@Configuration 
@EnableWebSecurity 
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { 

    @Value("${web.security.http.username1}") private String webUser1; 
    @Value("${web.security.http.password1}") private String webPassword1; 

    private static String REALM = "MY_TEST_REALM"; 

    @Autowired 
    protected void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception, BadCredentialsException { 

     auth.inMemoryAuthentication() 
      .withUser(webUser1).password(webPassword1).roles("USER"); 
    } 

    /** 
    * Ignored resources 
    */ 
    @Override 
    public void configure(WebSecurity web) throws Exception { 
     web 
     .ignoring().antMatchers("/css/**", "/js/**", "/webjars/**") 
     .and() 
     .ignoring().antMatchers(HttpMethod.OPTIONS, "/**"); 
    } 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 

     http  
     .authorizeRequests() 
     .antMatchers("/**").hasRole("USER") 
     .and() 
      .csrf()   
     .and() 
      .httpBasic().authenticationEntryPoint(entryPoint()) 
     .and() 
      .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).sessionFixation().none() 
     .and() 
      .headers() 
       .xssProtection() 
      .and() 
       .frameOptions() 
      .and() 
       .httpStrictTransportSecurity() 
       .includeSubDomains(true) 
       .maxAgeInSeconds(60 * 60)    
      .and() 
       .contentTypeOptions() 
      .and() 
       .contentSecurityPolicy("" 
          + "default-src 'self'; " 
          + "script-src 'self'; " 
          + "connect-src 'self'; " 
          + "img-src 'self'; " 
          + "font-src 'self'; " 
          + "frame-ancestors 'none'; " 
          + "base-uri 'self'; " 
          + "form-action 'self'; " 
          + "style-src 'self' 'unsafe-inline' 'unsafe-eval'; ") 
      .and() 
       // internet explorer 
       .addHeaderWriter(new StaticHeadersWriter("X-Content-Security-Policy","sandbox")); 
    } 

    @Bean 
    public BasicAuthenticationEntryPoint entryPoint() { 
     BasicAuthenticationEntryPoint entryPoint = new BasicAuthenticationEntryPoint(); 
     entryPoint.setRealmName(REALM); 
     return entryPoint; 
    } 
} 

突堤構成：

@Bean 
    public WebAppContext jettyWebAppContext() throws IOException { 

     WebAppContext webUiContext = new WebAppContext(); 
     webUiContext.setContextPath(jettyContextPath); 
     webUiContext.setWar(new ClassPathResource("webapp").getURI().toString()); 
     webUiContext.setInitParameter("dirAllowed", "false"); 
     webUiContext.setParentLoaderPriority(true); 

     GenericWebApplicationContext webApplicationContext = new GenericWebApplicationContext(); 
     webApplicationContext.setParent(applicationContext); 
     webApplicationContext.refresh(); 
     webUiContext.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, webApplicationContext); 
     webUiContext.addEventListener(new WebMvcContextInit()); 
     webUiContext.addFilter(
      new FilterHolder(new DelegatingFilterProxy( 
        AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)), 
        "/*", EnumSet.allOf(DispatcherType.class) 
     ); 

     return webUiContext; 
    } 



@Bean(initMethod = "start", destroyMethod = "stop") 
    public Server jettyServer() throws IOException { 

JettyConfigurationMapper mappedFile = readJettyAccessConfigurationMapper(); 
      Server server = new Server(new InetSocketAddress(jettyHost, jettyPort)); 
      InetAccessHandler inetAccessHandler = buildInetAccessHandler(mappedFile); 
      server.setHandler(inetAccessHandler); 
      inetAccessHandler.setHandler(jettyWebAppContext()); 
      return server; 
} 

次のコードでjettyの設定をhttpsに変更します。私はしか表示しません任意のセキュリティフォーム（HTTPベーシック認証）を持つブラウザで、：

@Bean(initMethod = "start", destroyMethod = "stop") 
    public Server jettyServer() throws IOException { 

     System.setProperty("jsse.enableSNIExtension", "false"); 

      HttpConfiguration httpConfig = new HttpConfiguration();   
      httpConfig.setSecureScheme("https"); 
      httpConfig.setSecurePort(jettyPort); 

      HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig); 
      httpsConfig.addCustomizer(new SecureRequestCustomizer()); 

      Resource jksFile = resourceLoader.getResource("classpath:" + myKeystoreJks); 
      SslContextFactory sslContextFactory = new SslContextFactory(); 
      sslContextFactory.setKeyStorePath(jksFile.getURL().toExternalForm()); 
      sslContextFactory.setKeyStorePassword(myKeystorePassword); 

      Server server = new Server(new InetSocketAddress(jettyHost, 8080)); 
      ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), 
        new HttpConnectionFactory(httpsConfig)); 
      sslConnector.setPort(jettyPort); 
      server.setConnectors(new Connector[] { sslConnector }); 
      JettyConfigurationMapper mappedFile = readJettyAccessConfigurationMapper(); 
      InetAccessHandler inetAccessHandler = buildInetAccessHandler(mappedFile); 
      server.setHandler(inetAccessHandler); 
      inetAccessHandler.setHandler(jettyWebAppContext()); 

      return server; 
    } 

Answer 1

は私の代わりにサーバコネクタサーバーのコンストラクタを使用して問題を解決しました。これはHttpsでうまく動作します。

Server server = new Server(new InetSocketAddress(jettyHost, 8080)); 
ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), 
new HttpConnectionFactory(httpsConfig)); 
sslConnector.setPort(jettyPort); 

から

へ：

Server server = new Server(); 
ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), 
new HttpConnectionFactory(httpsConfig)); 
sslConnector.setPort(jettyPort); 
sslConnector.setHost(jettyHost);