Back to: Spring Boot Tutorials
Spring Boot HTTPS
In this article, I am going to discuss Spring Boot HTTPS with Examples. Please read our previous article where we discussed Spring Boot Internationalization with Examples.
What is HTTPS?
HTTPS stands for HyperText Transfer Protocol Secured. It is a more secure version of HTTP. Up until now, we have been using HTTP. To use HTTPS, a webpage needs to have a Secure Sockets Layer (SSL) certificate. This certificate can be self-signed or it can be obtained from another authority.
How to Implement HTTPS in Spring Boot?
We will create an SSL certificate (self-signed) using Java.
We will learn to implement HTTPS into Spring Boot with a fresh project.
Step 1: Create a new project using Spring Initializr in VS Code. Remember to include the spring-boot-starter-web dependency.
Step 2: Modify the HttpsApplication.java file such that it becomes a simple REST controller:
Step 3: Verify that the webpage is up and functional.
Note that this is a HTTP page, and not an HTTPS one. This is what happens when trying to use the same link with HTTPS:
Step 4: To implement HTTPS, we shall require a certificate. For this exercise, we shall be using a self-signed certificate. Enter the following into the VS Code terminal:
The program shall ask for the following details:
- Keystore password: This must be entered. The password must be at least six characters.
- Other details, such as name, and organization: These can be left empty. Just press enter when the program asks for it.
- Confirmation prompt: Enter “yes”.
After this is done, a message appears, stating that the certificate is being created. In this case, we have given the certificate a validity of 3650 days, which is roughly 10 years. Notice that a file called keystore.p12 shall appear in the file explorer:
This file contains the self-signed certificate.
Step 5: Configure the application to use HTTPS. Modify the application.properties file in src/main/resources directory as follows:
Enter the keystore password as set in Step 4. Other parameters need not be modified. Alternatively, one may also, use YAML to set up the configuration. To do this, create a file called application.yml in the same directory as the application.properties file. Populate the file with the following lines:
This is going to have the same effect as modifying the application.properties file. Since YAML is more readable, YAML should be used for larger configuration files. Ensure that the application.properties and application.yml files do not clash with each other. This may create discrepancies in the project.
Step 6: Compile and execute the application. Ensure the compilation is successful.
As can be seen from the logs, the application starts running on port 443, which is a port designated for HTTPS connections. We can also see that the application uses the certificate we created (in the Keystore.p12 file).
Step 7: Log on to https://localhost:443 to check if HTTPS is functioning. You may encounter the following error:
The web browser does not trust the HTTPS certificate that we have assigned it. Since we know that the application is legitimate, click on “Accept the Risk and Continue”.
As can be seen in the above screenshot, the expected output is visible. Also, the website is now in HTTPS mode.
Congratulations! You now know how to implement HTTPS in Spring Boot and make your web-based application more secure!
The Complete Example Code
HttpsApplication.java
package com.dotnet.https;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.RequestMapping;
@SpringBootApplication
@RestController
public class HttpsApplication
{
public static void main(String[] args) {
SpringApplication.run(HttpsApplication.class, args);
}
@RequestMapping(value="/")
public String hello ()
{
return "Hello!";
}
}
In the next article, I am going to discuss Spring Boot Eureka Server with Examples. Here, in this article, I try to explain Spring Boot HTTPS with Examples. I hope you enjoy this Spring Boot HTTPS article.
About the Author: Pranaya Rout
Pranaya Rout has published more than 3,000 articles in his 11-year career. Pranaya Rout has very good experience with Microsoft Technologies, Including C#, VB, ASP.NET MVC, ASP.NET Web API, EF, EF Core, ADO.NET, LINQ, SQL Server, MYSQL, Oracle, ASP.NET Core, Cloud Computing, Microservices, Design Patterns and still learning new technologies.