Added SSL with support for http as well and forced redirection from h…

…ttp to https
kids-first · Feb 22, 2021 · 83a1187 · 83a1187
1 parent 2ad16e7
commit 83a1187
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -28,4 +28,6 @@ hs_err_pid*
 target
 
 *.iml
-*.factorypath
+*.factorypath
+
+ssl
diff --git a/src/main/java/io/kidsfirst/config/HttpConnectorConfig.java b/src/main/java/io/kidsfirst/config/HttpConnectorConfig.java
@@ -0,0 +1,61 @@
+package io.kidsfirst.config;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.connector.Connector;
+import org.apache.coyote.http11.Http11NioProtocol;
+import org.apache.tomcat.util.descriptor.web.SecurityCollection;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class HttpConnectorConfig {
+    @Value("${server.port}")
+    private int httpsPort;
+
+    @Value("${server.http.port}")
+    private int httpPort;
+
+    @Value("${server.http.force-ssl}")
+    private boolean forceSSL;
+
+    @Bean
+    public ServletWebServerFactory servletContainer() {
+        TomcatServletWebServerFactory tomcat =
+                forceSSL ? new TomcatServletWebServerFactory() {
+                                @Override
+                                protected void postProcessContext(Context context) {
+                                    SecurityConstraint securityConstraint = new SecurityConstraint();
+                                    securityConstraint.setUserConstraint("CONFIDENTIAL");
+                                    SecurityCollection collection = new SecurityCollection();
+                                    collection.addPattern("/*");
+                                    securityConstraint.addCollection(collection);
+                                    context.addConstraint(securityConstraint);
+                                }
+                            } :
+                            new TomcatServletWebServerFactory();
+
+        tomcat.addAdditionalTomcatConnectors(createHttpConnector());
+        return tomcat;
+    }
+
+    private Connector createHttpConnector() {
+        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
+        Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
+        try {
+            connector.setScheme("http");
+            connector.setSecure(false);
+            connector.setPort(httpPort);
+            protocol.setSSLEnabled(false);
+            connector.setRedirectPort(httpsPort);
+
+            return connector;
+        } catch (Exception ex) {
+            throw new IllegalStateException("Fail to create http connector", ex);
+        }
+    }
+
+}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -4,7 +4,15 @@ spring:
   main:
     allow-bean-definition-overriding: true
 server:
-  port: 8080
+  port: 8443
+  ssl:
+    key-store: file:/home/plaplante/CHUST/projects/kidsfirst/kf-key-management-fork/ssl/plaplante.p12
+    key-password: changeit
+    # JKS or PKCS12
+    key-store-type: PKCS12
+  http:
+    port: 8081
+    force-ssl: false
   servlet:
     session:
       cookie:
-Original file line number
+Diff line change
@@ Expand Up / @@ -28,4 +28,6 @@ hs_err_pid* @@
     target
     *.iml
-    *.factorypath
+    *.factorypath
+    ssl