I'm trying to set up Spring Security to work with Spring Boot's embedded Tomcat instance. There are quite a few basic samples that do this but I'm stuck where they leave off — they do basic authentication over HTTP (not HTTPS).
I could probably make it work if I had access to the Tomcat configuration files (server.xml
) but since Spring Boot uses an embedded Tomcat instance (which is otherwise a huge convenience), I dont have access to the Tomcat configuration files (at least, not to my knowledge).
There may be an application.properties
setting for this but I haven't been able to track it down. I've seen references to a server.contextPath
field in application.properties
that I suspect may have something to do with replacement Tomcat config files. Even if it is related, I wouldn't know where to begin anyway — all of the Tomcat SSL instructions I've seen start with editing an existing server.xml
file, not building one from scratch.
Can this be done with Spring Boot (either by somehow specifying a snippet of server.xml
or through other means)? If not, what would be the simplest way to do this? I understand that I may need to exclude the Tomcat component of Spring Boot but I'd prefer to avoid that if possible.
Best Answer
Starting with Spring Boot 1.2, you can configure SSL using
application.properties
orapplication.yml
. Here's an example forapplication.properties
:Same thing with
application.yml
:Here's a link to the current reference documentation.