Note that, I'm using Spring Tool Suite 4 Version: 4.10.0.RELEASE Build Id: 25 while the speaker in that tutorial is using Spring Tool Suite 3.5, is this the root cause? The SpringSource Tool Suite (STS) is a development environment based on Eclipse that comes configured with all the plugins needed to work with dm Server and OSGi. This includes the latest version of dm Server Tools, so no updates are necessary. Although the steps are similar, the details of installing STS depend on the operating system. Spring Tool Suite ( STS) is a set of tools for creating Spring applications. It can be either installed as a plugin to an existing installation of Eclipse JEE or can be installed standalone. The standalone version of STS is also packaged with Eclipse EE, so all Eclipse features for Java EE development are available in STS too.
Spring Tool Suite (version: 3.9.4.RELEASE) Maven (version: 3.5.2) Java (version: 1.8) Tomcat (version: 9.0.2) Steps. Create new Maven project; Configure Tomcat; Create src/main/java and src/test/java folders, if there aren’t any; Run the application; Screen shots. Step 1 – Create Maven web application project using either Eclipse IDE or STS. Spring Tool Suite 4 makes it easy to get started. A direct and easy-to-use integration of the Spring Initializr and the famous Spring Guides allows you to go from nothing to a running Spring Boot app in seconds. Navigate your spring code Understanding and quickly navigating source code is essential for coding.
Setting up HTTPS for Spring Boot requires two steps:
- Getting an SSL certificate;
- Configuring SSL in Spring Boot.
We can generate an SSL certificate ourselves (self-signed certificate). Its use is intended just for development and testing purposes. In production, we should use a certificate issued by a trusted Certificate Authority (CA).
In either case, we're going to see how to enable HTTPS in a Spring Boot application. Examples will be shown both for Spring Boot 1 and Spring Boot 2.
In this tutorial, we're going to:
- Get an SSL certificate
- Generate a self-signed SSL certificate
- Use an existing SSL certificate
- Enable HTTPS in Spring Boot
- Redirect HTTP requests to HTTPS
- Distribute the SSL certificate to clients.
If you don't already have a certificate, follow the step 1a. If you have already got an SSL certificate, you can follow the step 1b.
Throughout this tutorial, I'll use the following technologies and tools:
- Java JDK 8
- Spring Boot 2.2.2 and Spring Boot 1.5.22
Keytool is a certificate management utility provided together with the JDK, so if you have the JDK installed, you should already have keytool available. To check it, try running the command
keytool --help from your Terminal prompt. Note that if you are on Windows, you might need to launch it from the bin folder. For more information about this utility, you can read the official documentation.
On GitHub, you can find the source code for the application we are building in this tutorial.
1a. Generate a self-signed SSL certificate
First of all, we need to generate a pair of cryptographic keys, use them to produce an SSL certificate and store it in a keystore. The keytool documentation defines a keystore as a database of 'cryptographic keys, X.509 certificate chains, and trusted certificates'.
To enable HTTPS, we'll provide a Spring Boot application with this keystore containing the SSL certificate.
The two most common formats used for keystores are JKS, a proprietary format specific for Java, and PKCS12, an industry-standard format. JKS used to be the default choice, but now Oracle recommends to adopt the PKCS12 format. We're going to see how to use both.
Generate an SSL certificate in a keystore
Let's open our Terminal prompt and write the following command to create a JKS keystore:
To create a PKCS12 keystore, and we should, the command is the following:
Let's have a closer look at the command we just run:
genkeypair: generates a key pair;
alias: the alias name for the item we are generating;
keyalg: the cryptographic algorithm to generate the key pair;
keysize: the size of the key. We have used 2048 bits, but 4096 would be a better choice for production;
storetype: the type of keystore;
keystore: the name of the keystore;
validity: validity number of days;
storepass: a password for the keystore.
When running the previous command, we will be asked to input some information, but we are free to skip all of it (just press Return to skip an option). When asked if the information is correct, we should type yes. Finally, we hit return to use the keystore password as key password as well.
At the end of this operation, we'll get a keystore containing a brand new SSL certificate.
Verify the keystore content
To check the content of the keystore following the JKS format, we can use keytool again:
To test the content of a keystore following the PKCS12 format:
Convert a JKS keystore into PKCS12
Should we have already a JKS keystore, we have the option to migrate it to PKCS12; keytool has a convenient command for that:
1b. Use an existing SSL certificate
In case we have already got an SSL certificate, for example, one issued by Let's Encrypt, we can import it into a keystore and use it to enable HTTPS in a Spring Boot application.
We can use keytool to import our certificate in a new keystore.
To get more information about the keystore and its format, please refer to the previous section.
2. Enable HTTPS in Spring Boot
Whether our keystore contains a self-signed certificate or one issued by a trusted Certificate Authority, we can now set up Spring Boot to accept requests over HTTPS instead of HTTP by using that certificate.
The first thing to do is placing the keystore file inside the Spring Boot project. We want to put it in the resources folder or the root folder.
Then, we configure the server to use our brand new keystore and enable https. Let's go through the steps both for Spring Boot 1 and Spring Boot 2.
Enable HTTPS in Spring Boot 1
Let's open our application.properties file (or application.yml) and define the following properties:
Enable HTTPS in Spring Boot 2
To enable HTTPS for our Spring Boot 2 application, let's open our application.yml file (or application.properties) and define the following properties:
Configuring SSL in Spring Boot
Let's have a closer look at the SSL configuration we have just defined in our Spring Boot application properties.
server.port: the port on which the server is listening. We have used
8443rather than the default
server.ssl.key-store: the path to the key store that contains the SSL certificate. In our example, we want Spring Boot to look for it in the classpath.
server.ssl.key-store-password: the password used to access the key store.
server.ssl.key-store-type: the type of the key store (JKS or PKCS12).
server.ssl.key-alias: the alias that identifies the key in the key store.
server.ssl.key-password: the password used to access the key in the key store.
Configure Spring Security to require HTTPS requests
When using Spring Security, we can configure it to require automatically block any request coming from a non-secure HTTP channel.
In a Spring Boot 1 application, we can achieve that by setting the
security.require-ssl property to
true, without explicitly touching our Spring Security configuration class.
To achieve the same result in a Spring Boot 2 application, we need to extend the
WebSecurityConfigurerAdapter class, since the
security.require-ssl property has been deprecated.
For more information about how to configure SSL in Spring Boot, you can have a look at the Reference Guide. If you want to find out which properties are available to configure SSL, you can refer to the definition in the code-base.
Congratulations! You have successfully enabled HTTPS in your Spring Boot application! Give it a try: run the application, open your browser and check if everything works as it should.
3. Redirect HTTP requests to HTTPS
Now that we have enabled HTTPS in our Spring Boot application and blocked any HTTP request, we want to redirect all traffic to HTTPS.
Spring allows defining just one network connector in application.properties (or application.yml). Since we have used it for HTTPS, we have to set the HTTP connector programmatically for our Tomcat web server.
The implementations for Spring Boot 1 and Spring Boot 2 are almost the same. The only difference is that some classes for server configuration have been renamed in Spring Boot 2.
Configuring Tomcat for Spring Boot 1
Configuring Tomcat for Spring Boot 2
4. Distribute the SSL certificate to clients
When using a self-signed SSL certificate, our browser won't trust our application and will warn the user that it's not secure. And that'll be the same with any other client.
It's possible to make a client trust our application by providing it with our certificate.
Extract an SSL certificate from a keystore
We have stored our certificate inside a keystore, so we need to extract it. Again, keytool supports us very well:
The keystore can be in JKS or PKCS12 format. During the execution of this command, keytool will ask us for the keystore password that we set at the beginning of this tutorial (the extremely secure password).
Now we can import our certificate into our client. Later, we'll see how to import the certificate into the JRE in case we need it to trust our application.
Make a browser trust an SSL certificate
When using a keystore in the industry-standard PKCS12 format, we should be able to use it directly without extracting the certificate.
I suggest you check the official guide on how to import a PKCS12 file into your specific client. On macOS, for example, we can directly import a certificate into the Keychain Access (which browsers like Safari, Chrome and Opera rely on to manage certificates).
If deploying the application on localhost, we may need to do a further step from our browser: enabling insecure connections with localhost.
In Firefox, we are shown an alert message. To access the application, we need to explicitly define an exception for it and make Firefox trust the certificate.
In Chrome, we can write the following URL in the search bar:
chrome://flags/#allow-insecure-localhost and activate the relative option.
Import an SSL certificate inside the JRE keystore
To make the JRE trust our certificate, we need to import it inside cacerts: the JRE trust store in charge of holding all certificates that can be trusted.
First, we need to know the path to our JDK home. A quick way to find it, if we are using Eclipse or STS as our IDE, is by going to Preferences > Java > Installed JREs. If using IntelliJ IDEA, we can access this information by going to Project Structure > SDKs and look at the value of the JDK home path field.
On macOS, it could be something like /Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home. In the following, we'll refer to this location by using the placeholder
Then, from our Terminal prompt, let's insert the following command (we might need to run it with administrator privileges by prefixing it with
We'll be asked to input the JRE keystore password. If you have never changed it, it should be the default one: changeit or changeme, depending on the operating system. Finally, keytool will ask if you want to trust this certificate: let's say yes.
If everything went right, we'd see the message Certificate was added to keystore. Great!
In this tutorial, we have seen how to generate a self-signed SSL certificate, how to import an existing certificate into a keystore, how to use it to enable HTTPS inside a Spring Boot application, how to redirect HTTP to HTTPS and how to extract and distribute the certificate to clients.
On GitHub, you can find the source code for the application we have built in this tutorial.
If you want to protect the access to some resources of your application, consider using Keycloak for the authentication and authorization of the users visiting your Spring Boot or Spring Security application.
Last update: 15/12/2019
In this post, we will learn on how to create a maven web application project
- Spring Tool Suite (version: 3.9.4.RELEASE)
- Maven (version: 3.5.2)
- Java (version: 1.8)
- Tomcat (version: 9.0.2)
- Create new Maven project
- Configure Tomcat
- Create src/main/java and src/test/java folders, if there aren’t any
- Run the application
Step 1 – Create Maven web application project using either Eclipse IDE or STS
- Click New->Maven Project
- Select default location
- Select “maven-archtype-webapp”.
- Enter Group Id, Artifact Id, package details and hit finish
Below is the project structure after hitting finish
Note: If you look in the problems view, the error is “The superclass “javax.servlet.http.HttpServlet” was not found on the Java Build Path. This error indicates that http-servlet is not available in the project class path, once we add target-runtime to the project , http-servlet will be available in the project class-path.
Errors will be resolved after configuring run time server such as Tomcat server
Step 2 – To configure Tomcat server: Acronis true image free version.
- Right click on project and select “Properties”.
- Select “Targeted Runtimes” on left hand side.
- Select “Apache Tomcat v9.0”.
- Click apply and close
Step 3 – To create src/main/java and src/main/test folders,
Spring Tool Suite Java Error 13
- Right click on project structure, select “Properties”,
- Select “Java Build Path” on left hand side
- On right hand side, select “Order and Export” tab
- select “Maven Dependencies” and “JRE System Library”
- select apply and close
Note: If you still see errors, right click on project and do Maven -> update project
Step 4 – Run the application
You Need To Have C:\\Program Files\\Java\\jdk-14.0.2\\bin In Your Path. Also Check That, -vm C:\\Program Files\\Java\\jdk-14.0.2\\bin\\javaw.exe In Spri..
- Right click on project, select Run As and Run on Server
- Select Tomcat server in the window
- Select Finish
- Type http://localhost:8080/SpringMVC/ in your favorite web browser to see “Hello World” message
Spring Tool Suite Java 8
Java Decompiler For Spring Tool Suite
Final maven project structure looks like below