diff --git a/spring-boot-dependencies/pom.xml b/spring-boot-dependencies/pom.xml index ef30eaf3db..d9e597b203 100644 --- a/spring-boot-dependencies/pom.xml +++ b/spring-boot-dependencies/pom.xml @@ -134,7 +134,7 @@ 2.1.1.RELEASE 1.2.9 1.3 - 8.0.26 + 8.0.28 1.1.8.Final 1.7 2.0 diff --git a/spring-boot-docs/src/main/asciidoc/howto.adoc b/spring-boot-docs/src/main/asciidoc/howto.adoc index 57a39a8b96..6d8617570b 100644 --- a/spring-boot-docs/src/main/asciidoc/howto.adoc +++ b/spring-boot-docs/src/main/asciidoc/howto.adoc @@ -423,10 +423,6 @@ typically in `application.properties` or `application.yml`. For example: See {sc-spring-boot}/context/embedded/Ssl.{sc-ext}[`Ssl`] for details of all of the supported properties. -NOTE: Tomcat requires the key store (and trust store if you're using one) to be directly -accessible on the filesystem, i.e. it cannot be read from within a jar file. This -limitation doesn't apply to Jetty and Undertow. - Using configuration like the example above means the application will no longer support plain HTTP connector at port 8080. Spring Boot doesn't support the configuration of both an HTTP connector and an HTTPS connector via `application.properties`. If you want to diff --git a/spring-boot-samples/spring-boot-sample-tomcat-ssl/src/main/resources/application.properties b/spring-boot-samples/spring-boot-sample-tomcat-ssl/src/main/resources/application.properties index c889728394..37199bfd25 100644 --- a/spring-boot-samples/spring-boot-sample-tomcat-ssl/src/main/resources/application.properties +++ b/spring-boot-samples/spring-boot-sample-tomcat-ssl/src/main/resources/application.properties @@ -1,4 +1,4 @@ server.port = 8443 -server.ssl.key-store = sample.jks +server.ssl.key-store = classpath:sample.jks server.ssl.key-store-password = secret -server.ssl.key-password = password \ No newline at end of file +server.ssl.key-password = password diff --git a/spring-boot-samples/spring-boot-sample-tomcat-ssl/sample.jks b/spring-boot-samples/spring-boot-sample-tomcat-ssl/src/main/resources/sample.jks similarity index 100% rename from spring-boot-samples/spring-boot-sample-tomcat-ssl/sample.jks rename to spring-boot-samples/spring-boot-sample-tomcat-ssl/src/main/resources/sample.jks diff --git a/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java b/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java index 329e5a6fbc..c49d94313c 100644 --- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java +++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java @@ -285,8 +285,7 @@ public class TomcatEmbeddedServletContainerFactory private void configureSslKeyStore(AbstractHttp11JsseProtocol protocol, Ssl ssl) { try { - File file = ResourceUtils.getFile(ssl.getKeyStore()); - protocol.setKeystoreFile(file.getAbsolutePath()); + protocol.setKeystoreFile(ResourceUtils.getURL(ssl.getKeyStore()).toString()); } catch (FileNotFoundException ex) { throw new EmbeddedServletContainerException( @@ -303,8 +302,8 @@ public class TomcatEmbeddedServletContainerFactory private void configureSslTrustStore(AbstractHttp11JsseProtocol protocol, Ssl ssl) { if (ssl.getTrustStore() != null) { try { - File file = ResourceUtils.getFile(ssl.getTrustStore()); - protocol.setTruststoreFile(file.getAbsolutePath()); + protocol.setTruststoreFile( + ResourceUtils.getURL(ssl.getTrustStore()).toString()); } catch (FileNotFoundException ex) { throw new EmbeddedServletContainerException( diff --git a/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java b/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java index db955bbd59..6e2e3846c2 100644 --- a/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java +++ b/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java @@ -311,14 +311,19 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests { } @Test - public void basicSsl() throws Exception { + public void basicSslFromClassPath() throws Exception { + testBasicSslWithKeyStore("classpath:test.jks"); + } + + @Test + public void basicSslFromFileSystem() throws Exception { testBasicSslWithKeyStore("src/test/resources/test.jks"); } @Test public void sslDisabled() throws Exception { AbstractEmbeddedServletContainerFactory factory = getFactory(); - Ssl ssl = getSsl(null, "password", "src/test/resources/test.jks"); + Ssl ssl = getSsl(null, "password", "classpath:test.jks"); ssl.setEnabled(false); factory.setSsl(ssl); this.container = factory.getEmbeddedServletContainer( @@ -374,8 +379,8 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests { public void pkcs12KeyStoreAndTrustStore() throws Exception { AbstractEmbeddedServletContainerFactory factory = getFactory(); addTestTxtFile(factory); - factory.setSsl(getSsl(ClientAuth.NEED, null, "src/test/resources/test.p12", - "src/test/resources/test.p12")); + factory.setSsl(getSsl(ClientAuth.NEED, null, "classpath:test.p12", + "classpath:test.p12")); this.container = factory.getEmbeddedServletContainer(); this.container.start(); KeyStore keyStore = KeyStore.getInstance("pkcs12"); @@ -398,8 +403,8 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests { throws Exception { AbstractEmbeddedServletContainerFactory factory = getFactory(); addTestTxtFile(factory); - factory.setSsl(getSsl(ClientAuth.NEED, "password", "src/test/resources/test.jks", - "src/test/resources/test.jks")); + factory.setSsl(getSsl(ClientAuth.NEED, "password", "classpath:test.jks", + "classpath:test.jks")); this.container = factory.getEmbeddedServletContainer(); this.container.start(); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); @@ -422,8 +427,7 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests { throws Exception { AbstractEmbeddedServletContainerFactory factory = getFactory(); addTestTxtFile(factory); - factory.setSsl( - getSsl(ClientAuth.NEED, "password", "src/test/resources/test.jks")); + factory.setSsl(getSsl(ClientAuth.NEED, "password", "classpath:test.jks")); this.container = factory.getEmbeddedServletContainer(); this.container.start(); SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( @@ -441,8 +445,7 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests { throws Exception { AbstractEmbeddedServletContainerFactory factory = getFactory(); addTestTxtFile(factory); - factory.setSsl( - getSsl(ClientAuth.WANT, "password", "src/test/resources/test.jks")); + factory.setSsl(getSsl(ClientAuth.WANT, "password", "classpath:test.jks")); this.container = factory.getEmbeddedServletContainer(); this.container.start(); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); @@ -465,8 +468,7 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests { throws Exception { AbstractEmbeddedServletContainerFactory factory = getFactory(); addTestTxtFile(factory); - factory.setSsl( - getSsl(ClientAuth.WANT, "password", "src/test/resources/test.jks")); + factory.setSsl(getSsl(ClientAuth.WANT, "password", "classpath:test.jks")); this.container = factory.getEmbeddedServletContainer(); this.container.start(); SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(