0
votes

We are currently in the process of changing the port on one of our servers, but clients may not be restricted in live operation. The previously used port was 8443 which allowed the clients to reach the server. The new one should be 443. So I started to configure the Tomcat in Spring to support multiple ports.

```java
import java.util.ArrayList;
import java.util.List;

import org.apache.catalina.connector.Connector;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Class name and the @Value binding are assumed; the snippet as posted only shows the two methods.
@Configuration
public class TomcatConfig {

    // Comma-separated list of extra ports from application.properties, or "none"
    @Value("${server.additionalPorts:none}")
    private String additionalPorts;

    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        Connector[] additionalConnectors = this.additionalConnector();
        if (additionalConnectors != null && additionalConnectors.length > 0) {
            tomcat.addAdditionalTomcatConnectors(additionalConnectors);
        }
        return tomcat;
    }

    private Connector[] additionalConnector() {
        if (StringUtils.isBlank(this.additionalPorts) || this.additionalPorts.equalsIgnoreCase("none")) {
            return null;
        }
        String[] ports = this.additionalPorts.split(",");
        List<Connector> result = new ArrayList<>();
        for (String port : ports) {
            Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
            connector.setScheme("https");
            connector.setPort(Integer.valueOf(port));
            // Marks requests on this port as secure, but does not enable TLS or load any keystore
            connector.setSecure(true);
            result.add(connector);
        }
        return result.toArray(new Connector[] {});
    }
}
```

application.properties:

```properties
server.port=443
server.additionalPorts=8443
security.require-ssl=true
server.ssl.key-store=/var/back/keystore.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat
server.ssl.key-store-password=<pw hidden>
```

The problem now is that the server starts correctly, listening on both ports:

```text
Tomcat started on port(s): 443 (https) 8443 (https) with context path ''
```

but only port 443 is working. I guess that only the 443 makes use of the keystore. How can I achieve that port 8443 is also using the same keystore?

1
No, your link is about adding multiple ports which do NOT run on HTTPS with a keystore. (same base code, different problem) – Markus G.

1 Answer

0
votes

Okay, after a little more research and browsing through some class files and javadocs, I resolved this issue with the following code extension.

```java
import java.io.File;
import java.nio.file.Paths;
import org.apache.coyote.http11.Http11NioProtocol;

// Replacement loop body for additionalConnector(); keyStore, keyStoreType, keyAlias and
// keyPassword are fields holding the server.ssl.* values from application.properties
for (String port : ports) {
    Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
    // Getting the protocol handler from the connector (DEFAULT_PROTOCOL is Http11NioProtocol)
    Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();

    connector.setPort(Integer.valueOf(port));
    protocol.setSSLEnabled(true); // Set SSL enabled
    connector.setScheme("https");
    connector.setSecure(true);

    // And now set in the protocol all properties that application.properties sets for the default connector
    File keystoreFile = Paths.get(keyStore).toFile();
    protocol.setKeystoreFile(keystoreFile.getAbsolutePath());
    protocol.setKeystoreType(keyStoreType);
    protocol.setKeyAlias(keyAlias);
    protocol.setKeystorePass(keyPassword);
    result.add(connector);
}
```
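As an added illustration, not part of the question or the answer above: a configuration class that builds the extra HTTPS connector through Tomcat's SSLHostConfig API and reads the keystore, key password, enabled protocols and cipher list from Spring Boot's ServerProperties, so the additional port serves the same certificate and the same TLS policy as server.port instead of Tomcat's defaults. It assumes Spring Boot 2.x with embedded Tomcat 9; the class and method names are mine, and the server.additionalPorts property is the one from the question.

```java
import java.io.FileNotFoundException;
import java.util.ArrayList;
import java.util.List;

import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.AbstractHttp11Protocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.Ssl;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.ResourceUtils;
import org.springframework.util.StringUtils;

// Example configuration (assumed names); reuses server.ssl.* for every additional port.
@Configuration
public class AdditionalHttpsPortsConfig {

    // Comma-separated extra ports, e.g. "8443"; "none" or empty disables the feature
    @Value("${server.additionalPorts:none}")
    private String additionalPorts;

    @Bean
    public TomcatServletWebServerFactory servletContainer(ServerProperties serverProperties) {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        Ssl ssl = serverProperties.getSsl();
        List<Integer> ports = parsePorts(additionalPorts);
        if (!ports.isEmpty() && (ssl == null || ssl.getKeyStore() == null)) {
            // Fail at startup rather than silently exposing a port without TLS
            throw new IllegalStateException("server.ssl.key-store must be set for additional HTTPS ports");
        }
        for (int port : ports) {
            tomcat.addAdditionalTomcatConnectors(httpsConnector(port, ssl));
        }
        return tomcat;
    }

    static List<Integer> parsePorts(String spec) {
        List<Integer> ports = new ArrayList<>();
        if (spec == null || spec.trim().isEmpty() || spec.trim().equalsIgnoreCase("none")) {
            return ports;
        }
        for (String p : spec.split(",")) {
            int port = Integer.parseInt(p.trim());
            if (port < 1 || port > 65535) {
                throw new IllegalArgumentException("invalid port: " + p);
            }
            ports.add(port);
        }
        return ports;
    }

    private static Connector httpsConnector(int port, Ssl ssl) {
        Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
        connector.setPort(port);
        connector.setScheme("https");
        connector.setSecure(true);

        // Certificate and keystore: the same values Spring Boot applies to the default connector.
        // ResourceUtils.getURL handles plain paths as well as classpath:/file: locations.
        SSLHostConfig hostConfig = new SSLHostConfig();
        SSLHostConfigCertificate cert =
                new SSLHostConfigCertificate(hostConfig, SSLHostConfigCertificate.Type.UNDEFINED);
        try {
            cert.setCertificateKeystoreFile(ResourceUtils.getURL(ssl.getKeyStore()).toString());
        } catch (FileNotFoundException e) {
            throw new IllegalStateException("keystore not found: " + ssl.getKeyStore(), e);
        }
        cert.setCertificateKeystorePassword(ssl.getKeyStorePassword());
        if (ssl.getKeyStoreType() != null) {
            cert.setCertificateKeystoreType(ssl.getKeyStoreType());
        }
        if (ssl.getKeyAlias() != null) {
            cert.setCertificateKeyAlias(ssl.getKeyAlias());
        }
        if (ssl.getKeyPassword() != null) {
            cert.setCertificateKeyPassword(ssl.getKeyPassword());
        }
        hostConfig.addCertificate(cert);

        // TLS policy: without this the extra port would use Tomcat's defaults,
        // not server.ssl.enabled-protocols / server.ssl.ciphers.
        if (ssl.getEnabledProtocols() != null) {
            hostConfig.setProtocols(StringUtils.arrayToCommaDelimitedString(ssl.getEnabledProtocols()));
        }
        if (ssl.getCiphers() != null) {
            hostConfig.setCiphers(StringUtils.arrayToCommaDelimitedString(ssl.getCiphers()));
        }

        connector.addSslHostConfig(hostConfig);
        ((AbstractHttp11Protocol<?>) connector.getProtocolHandler()).setSSLEnabled(true);
        return connector;
    }
}
```

The per-protocol setters used in the answer (setKeystoreFile, setKeystorePass and friends) write into Tomcat's default SSLHostConfig and are deprecated in Tomcat 9; going through SSLHostConfig directly keeps the code on the supported API and makes it obvious which TLS settings the extra port inherits. After startup, the same "Tomcat started on port(s)" line should list both ports, and a TLS client connecting to 443 and 8443 should be presented with the identical certificate chain.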