Add SSL service connection support for Redis

See gh-41137

Author: mhalbritter

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/data/redis/JedisConnectionConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -92,21 +92,17 @@ JedisConnectionFactory redisConnectionFactoryVirtualThreads(
 	private JedisConnectionFactory createJedisConnectionFactory(
 			ObjectProvider<JedisClientConfigurationBuilderCustomizer> builderCustomizers) {
 		JedisClientConfiguration clientConfiguration = getJedisClientConfiguration(builderCustomizers);
-		if (getSentinelConfig() != null) {
-			return new JedisConnectionFactory(getSentinelConfig(), clientConfiguration);
-		}
-		if (getClusterConfiguration() != null) {
-			return new JedisConnectionFactory(getClusterConfiguration(), clientConfiguration);
-		}
-		return new JedisConnectionFactory(getStandaloneConfig(), clientConfiguration);
+		return switch (this.mode) {
+			case STANDALONE -> new JedisConnectionFactory(getStandaloneConfig(), clientConfiguration);
+			case CLUSTER -> new JedisConnectionFactory(getClusterConfiguration(), clientConfiguration);
+			case SENTINEL -> new JedisConnectionFactory(getSentinelConfig(), clientConfiguration);
+		};
 	}
 
 	private JedisClientConfiguration getJedisClientConfiguration(
 			ObjectProvider<JedisClientConfigurationBuilderCustomizer> builderCustomizers) {
 		JedisClientConfigurationBuilder builder = applyProperties(JedisClientConfiguration.builder());
-		if (isSslEnabled()) {
-			applySsl(builder);
-		}
+		applySslIfNeeded(builder);
 		RedisProperties.Pool pool = getProperties().getJedis().getPool();
 		if (isPoolEnabled(pool)) {
 			applyPooling(pool, builder);
@@ -126,18 +122,19 @@ private JedisClientConfigurationBuilder applyProperties(JedisClientConfiguration
 		return builder;
 	}
 
-	private void applySsl(JedisClientConfigurationBuilder builder) {
-		JedisSslClientConfigurationBuilder sslBuilder = builder.useSsl();
-		if (getProperties().getSsl().getBundle() != null) {
-			SslBundle sslBundle = getSslBundles().getBundle(getProperties().getSsl().getBundle());
-			sslBuilder.sslSocketFactory(sslBundle.createSslContext().getSocketFactory());
-			SslOptions sslOptions = sslBundle.getOptions();
-			SSLParameters sslParameters = new SSLParameters();
-			PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
-			map.from(sslOptions.getCiphers()).to(sslParameters::setCipherSuites);
-			map.from(sslOptions.getEnabledProtocols()).to(sslParameters::setProtocols);
-			sslBuilder.sslParameters(sslParameters);
+	private void applySslIfNeeded(JedisClientConfigurationBuilder builder) {
+		SslBundle sslBundle = getSslBundle();
+		if (sslBundle == null) {
+			return;
 		}
+		JedisSslClientConfigurationBuilder sslBuilder = builder.useSsl();
+		sslBuilder.sslSocketFactory(sslBundle.createSslContext().getSocketFactory());
+		SslOptions sslOptions = sslBundle.getOptions();
+		SSLParameters sslParameters = new SSLParameters();
+		PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
+		map.from(sslOptions.getCiphers()).to(sslParameters::setCipherSuites);
+		map.from(sslOptions.getEnabledProtocols()).to(sslParameters::setProtocols);
+		sslBuilder.sslParameters(sslParameters);
 	}
 
 	private void applyPooling(RedisProperties.Pool pool,

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/data/redis/LettuceConnectionConfiguration.java

@@ -116,31 +116,27 @@ private LettuceConnectionFactory createConnectionFactory(
 			ObjectProvider<LettuceClientConfigurationBuilderCustomizer> clientConfigurationBuilderCustomizers,
 			ObjectProvider<LettuceClientOptionsBuilderCustomizer> clientOptionsBuilderCustomizers,
 			ClientResources clientResources) {
-		LettuceClientConfiguration clientConfig = getLettuceClientConfiguration(clientConfigurationBuilderCustomizers,
-				clientOptionsBuilderCustomizers, clientResources, getProperties().getLettuce().getPool());
-		return createLettuceConnectionFactory(clientConfig);
-	}
-
-	private LettuceConnectionFactory createLettuceConnectionFactory(LettuceClientConfiguration clientConfiguration) {
-		if (getSentinelConfig() != null) {
-			return new LettuceConnectionFactory(getSentinelConfig(), clientConfiguration);
-		}
-		if (getClusterConfiguration() != null) {
-			return new LettuceConnectionFactory(getClusterConfiguration(), clientConfiguration);
-		}
-		return new LettuceConnectionFactory(getStandaloneConfig(), clientConfiguration);
+		LettuceClientConfiguration clientConfiguration = getLettuceClientConfiguration(
+				clientConfigurationBuilderCustomizers, clientOptionsBuilderCustomizers, clientResources,
+				getProperties().getLettuce().getPool());
+		return switch (this.mode) {
+			case STANDALONE -> new LettuceConnectionFactory(getStandaloneConfig(), clientConfiguration);
+			case CLUSTER -> new LettuceConnectionFactory(getClusterConfiguration(), clientConfiguration);
+			case SENTINEL -> new LettuceConnectionFactory(getSentinelConfig(), clientConfiguration);
+		};
 	}
 
 	private LettuceClientConfiguration getLettuceClientConfiguration(
 			ObjectProvider<LettuceClientConfigurationBuilderCustomizer> clientConfigurationBuilderCustomizers,
 			ObjectProvider<LettuceClientOptionsBuilderCustomizer> clientOptionsBuilderCustomizers,
 			ClientResources clientResources, Pool pool) {
 		LettuceClientConfigurationBuilder builder = createBuilder(pool);
-		applyProperties(builder);
+		SslBundle sslBundle = getSslBundle();
+		applyProperties(builder, sslBundle);
 		if (StringUtils.hasText(getProperties().getUrl())) {
 			customizeConfigurationFromUrl(builder);
 		}
-		builder.clientOptions(createClientOptions(clientOptionsBuilderCustomizers));
+		builder.clientOptions(createClientOptions(clientOptionsBuilderCustomizers, sslBundle));
 		builder.clientResources(clientResources);
 		clientConfigurationBuilderCustomizers.orderedStream().forEach((customizer) -> customizer.customize(builder));
 		return builder.build();
@@ -153,8 +149,8 @@ private LettuceClientConfigurationBuilder createBuilder(Pool pool) {
 		return LettuceClientConfiguration.builder();
 	}
 
-	private void applyProperties(LettuceClientConfiguration.LettuceClientConfigurationBuilder builder) {
-		if (isSslEnabled()) {
+	private void applyProperties(LettuceClientConfigurationBuilder builder, SslBundle sslBundle) {
+		if (sslBundle != null) {
 			builder.useSsl();
 		}
 		if (getProperties().getTimeout() != null) {
@@ -195,14 +191,14 @@ private String getCanonicalReadFromName(String name) {
 	}
 
 	private ClientOptions createClientOptions(
-			ObjectProvider<LettuceClientOptionsBuilderCustomizer> clientConfigurationBuilderCustomizers) {
+			ObjectProvider<LettuceClientOptionsBuilderCustomizer> clientConfigurationBuilderCustomizers,
+			SslBundle sslBundle) {
 		ClientOptions.Builder builder = initializeClientOptionsBuilder();
 		Duration connectTimeout = getProperties().getConnectTimeout();
 		if (connectTimeout != null) {
 			builder.socketOptions(SocketOptions.builder().connectTimeout(connectTimeout).build());
 		}
-		if (isSslEnabled() && getProperties().getSsl().getBundle() != null) {
-			SslBundle sslBundle = getSslBundles().getBundle(getProperties().getSsl().getBundle());
+		if (sslBundle != null) {
 			io.lettuce.core.SslOptions.Builder sslOptionsBuilder = io.lettuce.core.SslOptions.builder();
 			sslOptionsBuilder.keyManager(sslBundle.getManagers().getKeyManagerFactory());
 			sslOptionsBuilder.trustManager(sslBundle.getManagers().getTrustManagerFactory());

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/data/redis/PropertiesRedisConnectionDetails.java

@@ -18,6 +18,11 @@
 
 import java.util.List;
 
+import org.springframework.boot.ssl.SslBundle;
+import org.springframework.boot.ssl.SslBundles;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
 /**
  * Adapts {@link RedisProperties} to {@link RedisConnectionDetails}.
  *
@@ -32,8 +37,11 @@ class PropertiesRedisConnectionDetails implements RedisConnectionDetails {
 
 	private final RedisProperties properties;
 
-	PropertiesRedisConnectionDetails(RedisProperties properties) {
+	private final SslBundles sslBundles;
+
+	PropertiesRedisConnectionDetails(RedisProperties properties, SslBundles sslBundles) {
 		this.properties = properties;
+		this.sslBundles = sslBundles;
 	}
 
 	@Override
@@ -52,8 +60,21 @@ public String getPassword() {
 	public Standalone getStandalone() {
 		RedisUrl redisUrl = getRedisUrl();
 		return (redisUrl != null)
-				? Standalone.of(redisUrl.uri().getHost(), redisUrl.uri().getPort(), redisUrl.database())
-				: Standalone.of(this.properties.getHost(), this.properties.getPort(), this.properties.getDatabase());
+				? Standalone.of(redisUrl.uri().getHost(), redisUrl.uri().getPort(), redisUrl.database(), getSslBundle())
+				: Standalone.of(this.properties.getHost(), this.properties.getPort(), this.properties.getDatabase(),
+						getSslBundle());
+	}
+
+	private SslBundle getSslBundle() {
+		if (!this.properties.getSsl().isEnabled()) {
+			return null;
+		}
+		String bundleName = this.properties.getSsl().getBundle();
+		if (StringUtils.hasLength(bundleName)) {
+			Assert.notNull(this.sslBundles, "SSL bundle name has been set but no SSL bundles found in context");
+			return this.sslBundles.getBundle(bundleName);
+		}
+		return SslBundle.systemDefault();
 	}
 
 	@Override
@@ -65,8 +86,7 @@ public Sentinel getSentinel() {
 	@Override
 	public Cluster getCluster() {
 		RedisProperties.Cluster cluster = this.properties.getCluster();
-		List<Node> nodes = (cluster != null) ? asNodes(cluster.getNodes()) : null;
-		return (nodes != null) ? () -> nodes : null;
+		return (cluster != null) ? new PropertiesCluster(cluster) : null;
 	}
 
 	private RedisUrl getRedisUrl() {
@@ -84,6 +104,29 @@ private Node asNode(String node) {
 		return new Node(host, port);
 	}
 
+	/**
+	 * {@link Cluster} implementation backed by properties.
+	 */
+	private class PropertiesCluster implements Cluster {
+
+		private final List<Node> nodes;
+
+		PropertiesCluster(RedisProperties.Cluster properties) {
+			this.nodes = asNodes(properties.getNodes());
+		}
+
+		@Override
+		public List<Node> getNodes() {
+			return this.nodes;
+		}
+
+		@Override
+		public SslBundle getSslBundle() {
+			return PropertiesRedisConnectionDetails.this.getSslBundle();
+		}
+
+	}
+
 	/**
 	 * {@link Sentinel} implementation backed by properties.
 	 */
@@ -123,6 +166,11 @@ public String getPassword() {
 			return this.properties.getPassword();
 		}
 
+		@Override
+		public SslBundle getSslBundle() {
+			return PropertiesRedisConnectionDetails.this.getSslBundle();
+		}
+
 	}
 
 }

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/data/redis/RedisAutoConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,12 +16,14 @@
 
 package org.springframework.boot.autoconfigure.data.redis;
 
+import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnSingleCandidate;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.ssl.SslBundles;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Import;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
@@ -51,8 +53,9 @@ public class RedisAutoConfiguration {
 
 	@Bean
 	@ConditionalOnMissingBean(RedisConnectionDetails.class)
-	PropertiesRedisConnectionDetails redisConnectionDetails(RedisProperties properties) {
-		return new PropertiesRedisConnectionDetails(properties);
+	PropertiesRedisConnectionDetails redisConnectionDetails(RedisProperties properties,
+			ObjectProvider<SslBundles> sslBundles) {
+		return new PropertiesRedisConnectionDetails(properties, sslBundles.getIfAvailable());
 	}
 
 	@Bean

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/data/redis/RedisConnectionConfiguration.java

@@ -24,6 +24,7 @@
 import org.springframework.boot.autoconfigure.data.redis.RedisConnectionDetails.Node;
 import org.springframework.boot.autoconfigure.data.redis.RedisConnectionDetails.Sentinel;
 import org.springframework.boot.autoconfigure.data.redis.RedisProperties.Pool;
+import org.springframework.boot.ssl.SslBundle;
 import org.springframework.boot.ssl.SslBundles;
 import org.springframework.data.redis.connection.RedisClusterConfiguration;
 import org.springframework.data.redis.connection.RedisNode;
@@ -62,6 +63,8 @@ abstract class RedisConnectionConfiguration {
 
 	private final SslBundles sslBundles;
 
+	protected final Mode mode;
+
 	protected RedisConnectionConfiguration(RedisProperties properties, RedisConnectionDetails connectionDetails,
 			ObjectProvider<RedisStandaloneConfiguration> standaloneConfigurationProvider,
 			ObjectProvider<RedisSentinelConfiguration> sentinelConfigurationProvider,
@@ -73,6 +76,7 @@ protected RedisConnectionConfiguration(RedisProperties properties, RedisConnecti
 		this.clusterConfiguration = clusterConfigurationProvider.getIfAvailable();
 		this.connectionDetails = connectionDetails;
 		this.sslBundles = sslBundles.getIfAvailable();
+		this.mode = determineMode();
 	}
 
 	protected final RedisStandaloneConfiguration getStandaloneConfig() {
@@ -153,6 +157,17 @@ protected final SslBundles getSslBundles() {
 		return this.sslBundles;
 	}
 
+	protected SslBundle getSslBundle() {
+		return switch (this.mode) {
+			case STANDALONE -> (this.connectionDetails.getStandalone() != null)
+					? this.connectionDetails.getStandalone().getSslBundle() : null;
+			case CLUSTER -> (this.connectionDetails.getCluster() != null)
+					? this.connectionDetails.getCluster().getSslBundle() : null;
+			case SENTINEL -> (this.connectionDetails.getSentinel() != null)
+					? this.connectionDetails.getSentinel().getSslBundle() : null;
+		};
+	}
+
 	protected final boolean isSslEnabled() {
 		return getProperties().getSsl().isEnabled();
 	}
@@ -178,4 +193,20 @@ protected final RedisConnectionDetails getConnectionDetails() {
 		return this.connectionDetails;
 	}
 
+	private Mode determineMode() {
+		if (getSentinelConfig() != null) {
+			return Mode.SENTINEL;
+		}
+		if (getClusterConfiguration() != null) {
+			return Mode.CLUSTER;
+		}
+		return Mode.STANDALONE;
+	}
+
+	enum Mode {
+
+		STANDALONE, CLUSTER, SENTINEL
+
+	}
+
 }