Feign系列 - 绕过SSL验证的计划

背景

做一个我的项目的时候，须要调用https的接口，然而对方的ssl证书曾经过期，而Feign默认会进行SSL认证，导致接口调用有点问题。

解决方案这里记录下。

Maven依赖

Spring Boot：2.2.8.RELEASE

Spring Cloud：Hoxton.SR8

<dependency>  <groupId>org.springframework.cloud</groupId>  <artifactId>spring-cloud-starter-openfeign</artifactId></dependency><dependency>  <groupId>org.springframework.cloud</groupId>  <artifactId>spring-cloud-starter-netflix-ribbon</artifactId></dependency><dependency>  <groupId>io.github.openfeign</groupId>  <artifactId>feign-httpclient</artifactId></dependency>

代码

创立Feign的配置类

import feign.Client;import feign.codec.Encoder;import feign.form.FormEncoder;import org.springframework.beans.factory.ObjectFactory;import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;import org.springframework.boot.autoconfigure.http.HttpMessageConverters;import org.springframework.cloud.netflix.ribbon.SpringClientFactory;import org.springframework.cloud.openfeign.ribbon.CachingSpringLoadBalancerFactory;import org.springframework.cloud.openfeign.ribbon.LoadBalancerFeignClient;import org.springframework.cloud.openfeign.support.SpringEncoder;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import javax.net.ssl.SSLContext;import javax.net.ssl.TrustManager;import javax.net.ssl.X509TrustManager;import java.security.KeyManagementException;import java.security.NoSuchAlgorithmException;import java.security.cert.X509Certificate;@Configurationpublic class FeignConfiguration {    @Bean    public CachingSpringLoadBalancerFactory cachingFactory(SpringClientFactory clientFactory) {        return new CachingSpringLoadBalancerFactory(clientFactory);    }    @Bean    @ConditionalOnMissingBean    public Client feignClient(CachingSpringLoadBalancerFactory cachingFactory,                              SpringClientFactory clientFactory) throws NoSuchAlgorithmException, KeyManagementException {        SSLContext ctx = SSLContext.getInstance("SSL");        X509TrustManager tm = new X509TrustManager() {            @Override            public void checkClientTrusted(X509Certificate[] chain, String authType) {            }            @Override            public void checkServerTrusted(X509Certificate[] chain, String authType) {            }            @Override            public X509Certificate[] getAcceptedIssuers() {                return null;            }        };        ctx.init(null, new TrustManager[]{tm}, null);        return new LoadBalancerFeignClient(new Client.Default(ctx.getSocketFactory(),                (hostname, session) -> true),                cachingFactory, clientFactory);    }}

Feign接口

import org.springframework.cloud.openfeign.FeignClient;import org.springframework.http.MediaType;import org.springframework.web.bind.annotation.PostMapping;import java.util.Map;@FeignClient(name = "ignoreSSLFeign", url="https://127.0.0.1:8080", configuration = FeignConfiguration.class)public interface IgnoreSSLFeign {    @PostMapping(value = "/ignore/ssl")    Object test(TestParam param);}

增加EnableFeignClients使FeignClient注解失效

import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;import org.springframework.cloud.openfeign.EnableFeignClients;@EnableFeignClients@SpringBootApplicationpublic class AppRun {    public static void main(String[] args) {        SpringApplication.run(AppRun.class, args);    }}