[Spring Boot Security] #15 Enable HTTPS/SSL in Spring Boot

  • Published on 20 Jul 2024
  • ⚫ Description
    In this episode you will learn how to enable HTTPS/SSL for your Spring Boot application. No app is really secure if the data in transit is shown in plain text. SSL secures that data so that a malicious user cannot make sense of it. You will also learn:
    - how to generate a self-signed certificate
    - how to configure your app for SSL
    _______
    ⚫ Source code
    github.com/dangeabunea/Romani...
    _______
    Check out the latest software programming articles on my blog, where you will find lots of software development tutorials that will sharpen your programming skills
    www.romaniancoder.com
    _______
    ⚫ Say hi on social
    Facebook: / romaniancoder
    Twitter: / romaniancoder
    GitHub: github.com/dangeabunea
    #springboot #spring #java #webapplication #security #ssl #springsecurity #springbootsecurity #dangeabunea
    _______
    Created with ❤️ by Dan Geabunea (Romanian Coder)
  • Science & Technology

Comments • 49

  • @krztuszenie 5 years ago +4

    If you are running Ubuntu, just open a terminal and write: keytool -genkeypair -alias myssl -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore myssl.p12 -validity 3650
    Nice video btw :)

  • @bluex217 2 years ago +4

    Just to add on to this great video if you are using your Spring Boot app as a restful service like I am (AKA Spring Boot app is ONLY used as your backend) you may have tried to send an HTTP request via Postman, rather than the browser. When you try this, you will initially get "Could not get a response" and the reason is because Postman by default rejects self-signed certificates. Go into the Postman settings -> general -> and toggle off the ssl-certificate feature and then it will work. This is of course until you buy a truly signed cert for deployment

  • @martinbozinovski 4 years ago +2

    This is one of the flawless videos on youtube. Just perfect. Works as charm. Thank you very much!!

  • @Bloome_BlueFolf 1 year ago

    I am damn thankful I found your tutorial series! It's amazing and let me improve much as beginner.

  • @mostinho7 4 years ago +2

    Done thanks! Took notes in onenote

  • @perumalsamy5346 4 years ago +1

    Thank you so much for great tutorial.. Keep going..

  • @lordekamil 3 years ago +2

    good, quick and works, but you should paste key generation command in description of video

  • @mateenmansoori6128 4 years ago +2

    I was in depression for how the security n all things works... This video made me stable🏂

  • @mubaraktube1 5 years ago

    Very good, thanks for helping many people out there

  • @websimo1000 5 years ago

    just Excellent !!

  • @eliasalvest.i.646 3 years ago +1

    You are incredible!!!

  • @benjamine.ndugga729 4 years ago

    This guy is the best!!(

  • @yilsonalexismalambomadriga5376 1 year ago

    Thanks, it worked for me to connect my API to a web app from a hosting service

  • @ALhajrasAlgdiry 4 years ago +1

    I have an SSL certificate; however, when I do the same steps I get an error of Alias name [tomcat] does not identify a key entry
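
    Tomcat reports the error quoted in the comment above when the alias the application is configured with (server.ssl.key-alias in Spring Boot) is either absent from the keystore or names a certificate-only entry with no private key. The shell check below is an added example, not part of the comment or of the video's source code; it classifies an alias from keytool -list output, and the sample listing, its aliases and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a keystore alias from `keytool -list` output.
# Against a real store (keytool ships with the JDK):
#   keytool -list -storetype PKCS12 -keystore myssl.p12 | check_alias myssl

# Constructed sample listing; aliases and fingerprints are placeholders.
SAMPLE_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

myssl, Jul 20, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <placeholder>
rootca, Jul 20, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>'

# entry_type ALIAS: reads a listing on stdin and prints the entry type of
# ALIAS (PrivateKeyEntry, trustedCertEntry, ...) or "missing".
entry_type() {
    awk -v want="$1" -F', ' '
        /Entry,[ \t]*$/ {
            sub(/,[ \t]*$/, "")        # drop trailing comma; awk re-splits $0
            if ($1 == want) found = $NF
        }
        END { print (found == "" ? "missing" : found) }
    '
}

# check_alias ALIAS: succeeds only when ALIAS holds a private key, which is
# what the HTTPS connector needs in order to present a certificate.
check_alias() {
    t=$(entry_type "$1")
    case "$t" in
        PrivateKeyEntry) echo "ok: '$1' is a PrivateKeyEntry"; return 0 ;;
        missing)         echo "fail: no alias '$1' in this keystore"; return 1 ;;
        *)               echo "fail: '$1' is a $t, not a key entry"; return 1 ;;
    esac
}
```

    A trustedCertEntry result means only the certificate was imported; the private key and certificate have to be stored together under the alias the application is configured with.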

  • @jamesfrank1159 5 years ago

    Still uses port 8080 despite doing my configurations the way you have done.

  • @nikolapashov5181 4 years ago

    Hey, how can I disable the ssl? I tried to comment out the configuration in the application.properties and in both methods in BootSecurityApplication (httpToHttpsRedirectConnector, servletContainer) but it still doesn't work.

  • @dinobulja 2 years ago +1

    What if I don't use embedded Tomcat container? For example, what if I use OpenLiberty?

  • @newnew1507 5 years ago

    thank you, keep going

    • @RomanianCoder 5 years ago

      Thanks for the encouragement

  • @gajanangaikwad8934 3 years ago

    Hi, can you tell me how to download the certificate from Hostinger or GoDaddy so that I can use that certificate with my Spring Boot application?

  • @SavranTaha 3 years ago

    Hi I have .crt .csr .key and .ca-bundle files but not the .p14 file from the video. Can you please help me to get the .p14 file or can you show me how I can use the other files. Thank you.

  • @andresfelipevalenciamontes7069 2 years ago

    Hi, it works perfectly, but what would be the best way to add an SSL certificate to it?

  • @harivignesh100 4 years ago

    I am converting .p12 to JKS and this error happens:
    keytool error: java.io.IOException: toDerInputStream rejects tag type 45

  • @jordibellver802 5 years ago

    Hi there,
    I tried from the code at GH to go back from https to http, commenting the settings at application.properties and commenting the code at BootSecurityApplication: the @Bean and the redirector, but then authentication fails at login as it is not triggering loadUserByUsername. I have no idea why !?!?!?
    Can anyone explain what else must be reverted to get an http connection?
    (please, don't ask why I need http if I have https... I'm just willing to understand the details, ok?)

  • @RedCurlyHead 4 years ago +2

    Isn't it better to have a proxy like Nginx that handles SSL termination?!

  • @rajukapadne6502 3 years ago

    I want to know the scenario: how to get the username by reading the client certificate?

  • @rohaslob2 5 years ago

    Thanks for the great tutorial. Same issue as FG-69 reported below. Post 15 Enable HTTPS/SSL in Spring Boot the roles for ADMIN and MANAGER do not work anymore after putting in the code mentioned in the video. Maybe it's resolved in future episodes. The rest endpoint authorities based security still works. Just the roles based security does not work. Please check when you get some time.

    • @rohaslob2 5 years ago +1

      I saw that you covered this issue in 18 - Database Authentication - User Repository video. When authorities and roles are used together authorities takes precedence. Thanks

    • @godoyeverton 4 years ago

      @rohaslob2 Thank you for this information. I had the same problem, and I didn't have any idea.
      I am going to copy it just to reinforce:
      "When authorities and roles are used together authorities takes precedence"
      Thank you, best!

  • @hendisantika 2 years ago

    I already followed the steps. But, current chrome said that certificate is invalid. What should I do? Thanks

  • @RahulKumar-zz4wo 3 years ago

    Brother, If possible please make a tutorial on microservices

  • @fanuelguill 5 years ago +1

    First of all thanks for this amazing series
    I've a situation when I'm trying to access admin or manager page I can't open them

    • @fanuelguill 5 years ago +1

      PS: I've the good login code I can just access to profile page which is a problem for (sorry my English is not good)
      Need help plz

    • @rohaslob2 5 years ago +2

      The answer is in 18 - Database Authentication - User Repository video. When authorities and roles are used together authorities takes precedence.

  • @fuadshirinov2116 3 years ago

    This site can’t be reached
    The connection was reset.
    Try:
    Checking the connection
    Checking the proxy and the firewall
    ERR_CONNECTION_RESET

  • @just_a_simple_man 3 years ago

    My application runs only on the port 8443, but you have it running on both ports 8082 and 8443. How can I solve this problem?

    • @tiagonascimento7613 3 years ago

      its just add in your properties -> server.port =

  • @blackyaga2500 2 years ago

    not secure problem?

  • @stormdark90 5 years ago

    friend.. why it is not recommended to use self-signed certificates in production? nice vid :)

    • @RomanianCoder 5 years ago +3

      Hello! Thanks for the message. Self signed certificates are not recognized and validated by any certificate authority. The browsers will issue warning messages due to this and it will decrease trust levels among users. You probably would not input your bank details in a form that uses self signed :)

  • @rudradash2343 4 years ago

    I am really confused between AuthenticationProvider vs UserDetailsService.

    • @wyguy7258 4 years ago +1

      Hopefully this explanation helps a bit, but if you have ever worked with Spring Boot's controller, service, and repository setup for domain objects (so just objects stored to a database), then you can think of UserDetailsService as the service class to UserDetails. AuthenticationProvider is what you actually customize to authenticate a user attempting a login by overriding the Authenticate() method. The only difference between UserDetails and say for example just a custom User entity that has a controller, service, and repository class is that UserDetails is not persisted to a database. So it's basically just a way to model a user attempting to log in.
      Hopefully that made sense, I'm not the best at explaining things.

  • @JarTSW 3 years ago

    you should have shown how to get rid of that warning in browser

    • @SavranTaha 3 years ago

      You can only do that for your own computer by installing the certificate. For your clients you have to buy a real certificate.

  • @danrleybrasil 2 years ago

    Hi, my name is Danrley and my nickname is Dan, when I saw "Dan" (3:31) I was like "what?" hahahaha

  • @jeremiasmedrano1384 1 year ago +3

    keytool -genkey -alias "kt" -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore "kt".p12 -validity 3650 replace things between " "