Securing Spring Boot 3 Applications With SSL Bundles
Last Updated :
16 Jul, 2024
In a web environment, securing an application is a crucial necessity. SSL, a Secure Socket Layer, provides a secure channel between the client and server by encrypting the transmitted data. In this article, we will go through the steps to secure a Spring Boot 3 application using SSL Bundles.
What is SSL?
SSL stands for Secure Socket Layer. It is a standard security technology for establishing the encrypted link between server and client typically the web server and browser. It ensures that all the data passed between the web server and browsers remains private.
Why Use SSL?
- Data Encryption: SSL encrypts the data transmitted between the server and the client. It can ensure that sensitive information like login credentials and personal details are secure.
- Authentication: SSL provides authentication and ensures the data is being sent to the right server and not to the imposter trying to steal information.
- Data Integrity: SSL ensures that the data being transmitted is not altered in the transit and providing the data integrity.
How SSL Works
1. Handshake process:
- When the browser to connect to the web server then the server sends a copy of its SSL certificate to the browser.
- The browser checks whether it trust the SSL certificate. If so, it sends the message to the server.
- The server sends back a digitally signed acknowledgment to start the SSL encrypted session.
- Encrypted data is shared between the browser and server.
2. SSL Certificates:
- Self-Signed Certificates: These are not verified by the trusted Certificate Authority (CA) and it usually used for the testing purposes.
- CA-Signed Certificates: It can be issued by the trusted Certificate Authorities, they provide the higher level of trust and are suitable for the production use.
Prerequisites:
- Basic knowledge of Spring Boot.
- JDK and Intellij Idea installed in your local system.
- Maven for building dependency management.
- Java key tool for generating SSL certificates.
Implementation to Secure Spring Boot 3 Applications With SSL Bundles
Step 1: Create a new Spring Boot Project
Create a new Spring Project using IntelliJ idea and add the below dependencies into the project.
Dependencies:
- Spring Web
- Lombok
- Spring DevTools
After project creation done, the folder structure will look like the below image:
Step 2: Configuring SSL in Spring Boot Project
Use the keytool to generate the SSL certificate. The generated keystore.p12 will be placed in the src/main/resources directory of the Spring Boot project.
keytool -genkeypair -alias mysslkey -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore keystore.p12 -validity 3650
Step 3: Configure the Spring Boot to use the SSL certificate
Open the application.properties file and add the SSL configuration to the project.
spring.application.name=spring-SLL
server.port=8443
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=mahesh
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=mysslkey
spring.thymeleaf.prefix=classpath:/templates/
spring.thymeleaf.suffix=.html
SSL Configuration Options:
- server.ssl.key-store: It indicates the location of the keystore file that contains the SSL certificate.
- server.ssl.key-store-password: The password used to access the keystore.
- server.ssl.key-store-type: It indicates the type of keystore (PKCS12).
- server.ssl.key-alias: It indicates alias that identifies the key in the keystore.
Step 4: Create the HomeController Class
Create a simple controller to map the root URL to an HTML page.
Go to src > main > com.gfg.springsll > HomeController and put the below code.
Java
package com.gfg.springSSL;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
@Controller
public class HomeController {
// Mapping the root URL to the index.html page
@GetMapping("/")
public String index() {
return "index";
}
}
Step 5: Main Class
No changes are required in the main class.
Java
package com.gfg.springSSL;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class SpringSSLApplication {
// Main method to run the Spring Boot application
public static void main(String[] args) {
SpringApplication.run(SpringSSLApplication.class, args);
}
}
Step 6: Create the Index HTML Page.
Create a simple HTML page to display a welcome message.
Go to src > main > resources > templates > index.html and put the HTML code.
HTML
<!DOCTYPE html>
<html>
<head>
<title>Spring Boot SSL Example</title>
<style>
body {
font-family: Arial, sans-serif;
background-color: #f0f0f0;
color: #333;
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
margin: 0;
}
.container {
text-align: center;
background-color: #e8f5e9;
padding: 50px;
border-radius: 10px;
box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
}
h1 {
color: #388e3c;
}
.button {
background-color: #66bb6a;
color: white;
padding: 15px 25px;
border: none;
border-radius: 5px;
cursor: pointer;
font-size: 16px;
margin-top: 20px;
}
.button:hover {
background-color: #4caf50;
}
</style>
</head>
<body>
<div class="container">
<h1>Welcome to the Spring Boot SSL Example!</h1>
<p>This is a simple example demonstrating how to secure a Spring Boot application with SSL.</p>
<button class="button">Learn More</button>
</div>
</body>
</html>
pom.xml file:
XML
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.3.1</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.auxentios</groupId>
<artifactId>spring-SLL</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>spring-SLL</name>
<description>spring-SLL</description>
<url/>
<licenses>
<license/>
</licenses>
<developers>
<developer/>
</developers>
<scm>
<connection/>
<developerConnection/>
<tag/>
<url/>
</scm>
<properties>
<java.version>17</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
</project>
Step 7: Run the application
Now, run the application. It will start at port 8443.
Step 8: Test the Application
Open your browser and navigate to https://localhost:8443. You should see the application server running over HTTPS.
This example project demonstrates how to secure a Spring Boot 3 application with SSL by configuring the SSL certificate, updating application properties, and setting up a basic controller and HTML page.
Benefits of Using SSL:
- Security: SSL provides the secure channel for the communication and protecting the sensitive data from eavesdroppers.
- Trust: Users are more likely to trust and interact with the website that use the SSL. It is indicated by the HTTPS in the URL and the padlock icon in the browser.
- Compliance: Many regulations and standards such as the GDPR and PCI-DSS and it require the use of the SSL to protect the data in transit.
Conclusion
Securing the Spring Boot application with SSL can be essential for protecting the data between the client and server. By the following these steps outlined in this article, we can easily secure the Spring Boot application using SSL certificate. It is not only enhances security but also builds the trust with users who can see that your application uses HTTPS.
Similar Reads
Securing Spring Boot API With API Key and Secret
In Web applications, securing the APIs is critical. One of the common methods of securing the APIs is by using API keys and secrets. This ensures that only the authorized clients can access the API endpoints. This article can guide you through the process of securing the Spring Boot API using the AP
6 min read
Securing a Spring MVC Application with Spring Security
Securing web applications is crucial in today's world, where security threats are prevalent. Spring Security is a powerful, customizable authentication and access-control framework that is part of the larger Spring ecosystem. It helps secure Spring MVC applications by managing authentication, author
6 min read
application.yml vs bootstrap.yml in Spring Boot
In this article, we will discuss application.yml vs bootstrap.yml in Spring Boot and how application.yml or bootstrap.yml are useful in Application development. The application.yml is auto-configured by the Spring Boot framework to handle the development but for the bootstrap.yml we need to configur
2 min read
Dockerize Spring Boot Application With PostgresSQL
In recent years, Docker has revolutionized the way in which we deploy and manage applications, offering a lightweight and productive solution for packaging software and its conditions into containers. For developers working with Spring Boot, a well known Java system for building undertaking grade ap
8 min read
How to Run Spring Boot Application?
Spring Boot is built on the top of Spring and contains all the features of Spring. And it is becoming a favorite of developers these days because of its rapid production-ready environment which enables the developers to directly focus on the logic instead of struggling with the configuration and set
8 min read
Configuring Spring Boot Applications with Maven Profiles
In a software development environment, applications must often be configured differently for various environments such as development, testing, and production. Managing these configurations can be challenging, but Maven provides powerful features called profiles to handle this. Maven profiles allow
5 min read
Spring Boot 3.0 - JWT Authentication with Spring Security using MySQL Database
In Spring Security 5.7.0, the Spring team deprecated the WebSecurityConfigurerAdapter, as they encourage users to move towards a component-based security configuration. Spring Boot 3.0 has come with many changes in Spring Security. In this article, we are going to learn how to implement JWT authenti
8 min read
Spring Boot – Using Spring Boot with Apache Camel
Apache Camel and Spring Boot are two powerful frameworks that can be seamlessly integrated to build robust, scalable, and efficient applications. Apache Camel is an open-source integration framework that provides an extensive range of components and connectors, enabling developers to integrate diffe
5 min read
Deploying Scalable Applications with Azure
In modern software development, deploying a scalable application is an important task. With the increase in the number of users, the applications have to handle a large user database, for this, they require a robust infrastructure that is also scalable which will ensure seamless performance and reli
7 min read
How to Deploy Spring Boot Application in Kubernetes ?
The Spring Boot framework provides an assortment of pre-configured templates and tools to make the development of Java-based applications simpler. With little configuration, it enables developers to quickly design production-ready, stand-alone apps. Kubernetes, commonly referred to as K8s, is an ope
7 min read