URL based SSL Certificate Verification in Spring Boot

Question

My requirement is to secure my APIs with SSL using spring boot. I have explored two options

      **1. Enable SSL certificate verification for all APIs using application.properties SSL confiuration.
      2. Enable SSL for HTTPS port using application.properties**
      
Is there any way to configure URL(Servlet Path) based SSL certificate verification in Spring boot? .
Like some urls should be consumed by SSL certificate only.

Any help will be greatly appreciated!!!

This can be done with Spring Securtiy. This might be helpful: https://www.baeldung.com/spring-channel-security-https — Sebastian, Oct 06 '20 at 08:00
Thanks @Sebastian, Its really helpful. I will implement that — Selva, Oct 06 '20 at 10:32

Sam YC · Answer 1 · 2020-10-06T08:09:36.817

Like some urls should be consumed by SSL certificate only.

For this one, don't think it is possible. HTTPS stick to specific port and it is only one port. If you deploy your spring boot as Jar and turn on SSL, all connection to that port will be HTTPS. You need to split your app into two apps in this case, one for HTTP and another for HTTPS.

Even you deploy as WAR onto externally provided tomcat, you probably can't run away this, because SSL is restricted to port level. You can refer to this for more if you plan to deploy as WAR.

Updated:

Unless you are ok like what @Sebastian suggested, you can deploy as two port are configured, one is HTTP (80) and another is HTTPS (443). Then you can use http:// and https:// to achieve your objective, although it doesn't sound like what you want here Is there any way to configure URL(Servlet Path) based SSL certificate verification.

Thanks Sam, Objective is make the idempotent request as insecure and other request as secure based on url — Selva, Oct 06 '20 at 10:34

URL based SSL Certificate Verification in Spring Boot

1 Answers1