关于spring:Feign系列-绕过SSL验证的方案

62次阅读

共计 3024 个字符,预计需要花费 8 分钟才能阅读完成。

Feign 系列 – 绕过 SSL 验证的计划

背景

做一个我的项目的时候,须要调用 https 的接口,然而对方的 ssl 证书曾经过期,而 Feign 默认会进行 SSL 认证,导致接口调用有点问题。

解决方案这里记录下。

Maven 依赖

  • Spring Boot:2.2.8.RELEASE
  • Spring Cloud:Hoxton.SR8
    <!–more–>

    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-starter-openfeign</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-starter-netflix-ribbon</artifactId>
    </dependency>
    <dependency>
      <groupId>io.github.openfeign</groupId>
      <artifactId>feign-httpclient</artifactId>
    </dependency>

代码

创立 Feign 的配置类

import feign.Client;
import feign.codec.Encoder;
import feign.form.FormEncoder;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.http.HttpMessageConverters;
import org.springframework.cloud.netflix.ribbon.SpringClientFactory;
import org.springframework.cloud.openfeign.ribbon.CachingSpringLoadBalancerFactory;
import org.springframework.cloud.openfeign.ribbon.LoadBalancerFeignClient;
import org.springframework.cloud.openfeign.support.SpringEncoder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;

@Configuration
public class FeignConfiguration {

    @Bean
    public CachingSpringLoadBalancerFactory cachingFactory(SpringClientFactory clientFactory) {return new CachingSpringLoadBalancerFactory(clientFactory);
    }

    @Bean
    @ConditionalOnMissingBean
    public Client feignClient(CachingSpringLoadBalancerFactory cachingFactory,
                              SpringClientFactory clientFactory) throws NoSuchAlgorithmException, KeyManagementException {SSLContext ctx = SSLContext.getInstance("SSL");
        X509TrustManager tm = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            @Override
            public X509Certificate[] getAcceptedIssuers() {return null;}
        };
        ctx.init(null, new TrustManager[]{tm}, null);
        return new LoadBalancerFeignClient(new Client.Default(ctx.getSocketFactory(),
                (hostname, session) -> true),
                cachingFactory, clientFactory);
    }
}

Feign 接口

import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.PostMapping;

import java.util.Map;


@FeignClient(name = "ignoreSSLFeign", url="https://127.0.0.1:8080", configuration = FeignConfiguration.class)
public interface IgnoreSSLFeign {@PostMapping(value = "/ignore/ssl")
    Object test(TestParam param);

}

增加 EnableFeignClients 使 FeignClient 注解失效

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.openfeign.EnableFeignClients;

@EnableFeignClients
@SpringBootApplication
public class AppRun {public static void main(String[] args) {SpringApplication.run(AppRun.class, args);
    }

}

正文完
 0