Upgrade to Tomcat 8.0.28 and test support for SSL config from classpath

Prior to 8.0.28 Tomcat required the key store and trust store (if any)
to be available directly on the filesystem, i.e. classpath: resources
would not work. Tomcat 8.0.28 removed this limitation.

This commit updates to Tomcat 8.0.28, updates the tests to verify
the new Tomcat capability and removes the obsolete documentation of
the restriction.

Closes gh-4048
Andy Wilkinson 2015-10-12 13:36:32 +01:00
parent ee3d4b34a0
commit d33d068fae
6 changed files with 20 additions and 23 deletions


@ -134,7 +134,7 @@
<thymeleaf-extras-conditionalcomments.version>2.1.1.RELEASE</thymeleaf-extras-conditionalcomments.version> <thymeleaf-extras-conditionalcomments.version>2.1.1.RELEASE</thymeleaf-extras-conditionalcomments.version>
<thymeleaf-layout-dialect.version>1.2.9</thymeleaf-layout-dialect.version> <thymeleaf-layout-dialect.version>1.2.9</thymeleaf-layout-dialect.version>
<thymeleaf-extras-data-attribute.version>1.3</thymeleaf-extras-data-attribute.version> <thymeleaf-extras-data-attribute.version>1.3</thymeleaf-extras-data-attribute.version>
<tomcat.version>8.0.26</tomcat.version> <tomcat.version>8.0.28</tomcat.version>
<undertow.version>1.1.8.Final</undertow.version> <undertow.version>1.1.8.Final</undertow.version>
<velocity.version>1.7</velocity.version> <velocity.version>1.7</velocity.version>
<velocity-tools.version>2.0</velocity-tools.version> <velocity-tools.version>2.0</velocity-tools.version>


@ -423,10 +423,6 @@ typically in `application.properties` or `application.yml`. For example:
See {sc-spring-boot}/context/embedded/Ssl.{sc-ext}[`Ssl`] for details of all of the See {sc-spring-boot}/context/embedded/Ssl.{sc-ext}[`Ssl`] for details of all of the
supported properties. supported properties.
NOTE: Tomcat requires the key store (and trust store if you're using one) to be directly
accessible on the filesystem, i.e. it cannot be read from within a jar file. This
limitation doesn't apply to Jetty and Undertow.
Using configuration like the example above means the application will no longer support Using configuration like the example above means the application will no longer support
plain HTTP connector at port 8080. Spring Boot doesn't support the configuration of both plain HTTP connector at port 8080. Spring Boot doesn't support the configuration of both
an HTTP connector and an HTTPS connector via `application.properties`. If you want to an HTTP connector and an HTTPS connector via `application.properties`. If you want to


@ -1,4 +1,4 @@
server.port = 8443 server.port = 8443
server.ssl.key-store = sample.jks server.ssl.key-store = classpath:sample.jks
server.ssl.key-store-password = secret server.ssl.key-store-password = secret
server.ssl.key-password = password server.ssl.key-password = password


@ -285,8 +285,7 @@ public class TomcatEmbeddedServletContainerFactory
private void configureSslKeyStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) { private void configureSslKeyStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
try { try {
File file = ResourceUtils.getFile(ssl.getKeyStore()); protocol.setKeystoreFile(ResourceUtils.getURL(ssl.getKeyStore()).toString());
protocol.setKeystoreFile(file.getAbsolutePath());
} }
catch (FileNotFoundException ex) { catch (FileNotFoundException ex) {
throw new EmbeddedServletContainerException( throw new EmbeddedServletContainerException(
@ -303,8 +302,8 @@ public class TomcatEmbeddedServletContainerFactory
private void configureSslTrustStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) { private void configureSslTrustStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
if (ssl.getTrustStore() != null) { if (ssl.getTrustStore() != null) {
try { try {
File file = ResourceUtils.getFile(ssl.getTrustStore()); protocol.setTruststoreFile(
protocol.setTruststoreFile(file.getAbsolutePath()); ResourceUtils.getURL(ssl.getTrustStore()).toString());
} }
catch (FileNotFoundException ex) { catch (FileNotFoundException ex) {
throw new EmbeddedServletContainerException( throw new EmbeddedServletContainerException(
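Review bot: The new `ResourceUtils.getURL(...)` calls in `configureSslKeyStore` and `configureSslTrustStore` accept any location that parses as a URL, not only `classpath:` resources and filesystem paths. The removed `ResourceUtils.getFile(...)` calls rejected anything that did not resolve to a file, so a `server.ssl.key-store` value with a remote scheme such as `http:` is now passed to Tomcat unchanged and would presumably be fetched over that channel. Because the key store holds the server's private key and the trust store decides which client certificates are accepted, it is worth resolving to a local `URL url = ResourceUtils.getURL(ssl.getKeyStore());` first and checking `url.getProtocol()` against an allow-list before calling `setKeystoreFile`/`setTruststoreFile`. Failing that, the supported location schemes should at least be documented on `Ssl`. Both method bodies continue outside the hunks shown.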


@ -311,14 +311,19 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
} }
@Test @Test
public void basicSsl() throws Exception { public void basicSslFromClassPath() throws Exception {
testBasicSslWithKeyStore("classpath:test.jks");
}
@Test
public void basicSslFromFileSystem() throws Exception {
testBasicSslWithKeyStore("src/test/resources/test.jks"); testBasicSslWithKeyStore("src/test/resources/test.jks");
} }
@Test @Test
public void sslDisabled() throws Exception { public void sslDisabled() throws Exception {
AbstractEmbeddedServletContainerFactory factory = getFactory(); AbstractEmbeddedServletContainerFactory factory = getFactory();
Ssl ssl = getSsl(null, "password", "src/test/resources/test.jks"); Ssl ssl = getSsl(null, "password", "classpath:test.jks");
ssl.setEnabled(false); ssl.setEnabled(false);
factory.setSsl(ssl); factory.setSsl(ssl);
this.container = factory.getEmbeddedServletContainer( this.container = factory.getEmbeddedServletContainer(
@ -374,8 +379,8 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
public void pkcs12KeyStoreAndTrustStore() throws Exception { public void pkcs12KeyStoreAndTrustStore() throws Exception {
AbstractEmbeddedServletContainerFactory factory = getFactory(); AbstractEmbeddedServletContainerFactory factory = getFactory();
addTestTxtFile(factory); addTestTxtFile(factory);
factory.setSsl(getSsl(ClientAuth.NEED, null, "src/test/resources/test.p12", factory.setSsl(getSsl(ClientAuth.NEED, null, "classpath:test.p12",
"src/test/resources/test.p12")); "classpath:test.p12"));
this.container = factory.getEmbeddedServletContainer(); this.container = factory.getEmbeddedServletContainer();
this.container.start(); this.container.start();
KeyStore keyStore = KeyStore.getInstance("pkcs12"); KeyStore keyStore = KeyStore.getInstance("pkcs12");
@ -398,8 +403,8 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
throws Exception { throws Exception {
AbstractEmbeddedServletContainerFactory factory = getFactory(); AbstractEmbeddedServletContainerFactory factory = getFactory();
addTestTxtFile(factory); addTestTxtFile(factory);
factory.setSsl(getSsl(ClientAuth.NEED, "password", "src/test/resources/test.jks", factory.setSsl(getSsl(ClientAuth.NEED, "password", "classpath:test.jks",
"src/test/resources/test.jks")); "classpath:test.jks"));
this.container = factory.getEmbeddedServletContainer(); this.container = factory.getEmbeddedServletContainer();
this.container.start(); this.container.start();
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
@ -422,8 +427,7 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
throws Exception { throws Exception {
AbstractEmbeddedServletContainerFactory factory = getFactory(); AbstractEmbeddedServletContainerFactory factory = getFactory();
addTestTxtFile(factory); addTestTxtFile(factory);
factory.setSsl( factory.setSsl(getSsl(ClientAuth.NEED, "password", "classpath:test.jks"));
getSsl(ClientAuth.NEED, "password", "src/test/resources/test.jks"));
this.container = factory.getEmbeddedServletContainer(); this.container = factory.getEmbeddedServletContainer();
this.container.start(); this.container.start();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
@ -441,8 +445,7 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
throws Exception { throws Exception {
AbstractEmbeddedServletContainerFactory factory = getFactory(); AbstractEmbeddedServletContainerFactory factory = getFactory();
addTestTxtFile(factory); addTestTxtFile(factory);
factory.setSsl( factory.setSsl(getSsl(ClientAuth.WANT, "password", "classpath:test.jks"));
getSsl(ClientAuth.WANT, "password", "src/test/resources/test.jks"));
this.container = factory.getEmbeddedServletContainer(); this.container = factory.getEmbeddedServletContainer();
this.container.start(); this.container.start();
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
@ -465,8 +468,7 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
throws Exception { throws Exception {
AbstractEmbeddedServletContainerFactory factory = getFactory(); AbstractEmbeddedServletContainerFactory factory = getFactory();
addTestTxtFile(factory); addTestTxtFile(factory);
factory.setSsl( factory.setSsl(getSsl(ClientAuth.WANT, "password", "classpath:test.jks"));
getSsl(ClientAuth.WANT, "password", "src/test/resources/test.jks"));
this.container = factory.getEmbeddedServletContainer(); this.container = factory.getEmbeddedServletContainer();
this.container.start(); this.container.start();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
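Review bot: After this change the visible tests no longer cover a trust store given as a plain filesystem path, because both four-argument `getSsl(...)` calls (in `pkcs12KeyStoreAndTrustStore` and in the JKS key-store-and-trust-store test) now pass `classpath:` locations. `basicSslFromFileSystem` keeps filesystem coverage for the key store only. Since `configureSslTrustStore` now hands Tomcat a URL string instead of an absolute path, a regression in filesystem trust-store handling would go unnoticed unless tests outside these hunks cover it. Consider leaving one of the two calls on `"src/test/resources/test.jks"` or adding a filesystem counterpart, so that client-certificate verification is tested for both location styles.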