Feign忽略Https的SSL最佳方案(且保证负载均衡将失效)

  • 同时解决Https的SSL证书验证问题和feign不支持Patch请求方法的问题

代码 1. 工具类 OkHttpUtils.java

java 复制代码
import javax.net.ssl.*;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

/**
 * @author Vania
 */
public class OkHttpUtils {
    /**
     * X509TrustManager instance which ignored SSL certification
     */
    public static final X509TrustManager IGNORE_SSL_TRUST_MANAGER_X509 = new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[]{};
        }
    };

    /**
     * Get initialized SSLContext instance which ignored SSL certification
     *
     * @return
     * @throws NoSuchAlgorithmException
     * @throws KeyManagementException
     */
    public static SSLContext getIgnoreInitedSslContext() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, new TrustManager[]{IGNORE_SSL_TRUST_MANAGER_X509}, new SecureRandom());
        return sslContext;
    }

    /**
     * Get HostnameVerifier which ignored SSL certification
     *
     * @return
     */
    public static HostnameVerifier getIgnoreSslHostnameVerifier() {
        return new HostnameVerifier() {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        };
    }
}

代码 2. 工具类 FeignConfiguration.java

java 复制代码
import feign.Client;
import feign.okhttp.OkHttpClient;
import lombok.extern.slf4j.Slf4j;
import org.springframework.cloud.netflix.ribbon.SpringClientFactory;
import org.springframework.cloud.openfeign.ribbon.CachingSpringLoadBalancerFactory;
import org.springframework.cloud.openfeign.ribbon.LoadBalancerFeignClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

@Slf4j
@Configuration
public class FeignConfiguration {

    /**
     * 解决 feign client 中https不安全的问题
     *
     * @param cachingFactory
     * @param clientFactory
     * @return
     */
    @Bean
    public Client feignClient(CachingSpringLoadBalancerFactory cachingFactory, SpringClientFactory clientFactory) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        // 此处必须为 new LoadBalancerFeignClient 否则负载均衡将失效(现象:消费者无法从注册中心获取服务提供者的ip)
        // 这个只能解决忽略https证书验证
        // return new LoadBalancerFeignClient(new Client.Default(SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build().getSocketFactory(), new NoopHostnameVerifier()),
        //        cachingFactory, clientFactory);
        // 使用okhttp 解决证书验证 和 Patch请求方法不支持的问题
        return new LoadBalancerFeignClient(new OkHttpClient(new okhttp3.OkHttpClient()
                .newBuilder()
                .sslSocketFactory(OkHttpUtils.getIgnoreInitedSslContext().getSocketFactory(), OkHttpUtils.IGNORE_SSL_TRUST_MANAGER_X509)
                .hostnameVerifier(OkHttpUtils.getIgnoreSslHostnameVerifier())
                .build()),
                cachingFactory, clientFactory);
    }
}
相关推荐
tmacfrank3 小时前
Android 网络全栈攻略(四)—— TCPIP 协议族与 HTTPS 协议
android·网络·https
2501_916013744 小时前
iOS 多线程导致接口乱序?抓包还原 + 请求调度优化实战
websocket·网络协议·tcp/ip·http·网络安全·https·udp
你不知道我是谁?11 小时前
负载均衡--常见负载均衡算法
运维·负载均衡
星融元asterfusion12 小时前
基于路径质量的AI负载均衡异常路径检测与恢复策略
人工智能·负载均衡·异常路径
小马爱打代码17 小时前
微服务外联Feign调用:第三方API调用的负载均衡与容灾实战
微服务·架构·负载均衡
charlee4421 小时前
nginx部署发布Vite项目
nginx·性能优化·https·部署·vite
2501_9159214321 小时前
Fiddler 中文版怎么配合 Postman 与 Wireshark 做多环境接口调试?
websocket·网络协议·tcp/ip·http·网络安全·https·udp
游戏开发爱好者81 天前
iOS App首次启动请求异常调试:一次冷启动链路抓包与初始化流程修复
websocket·网络协议·tcp/ip·http·网络安全·https·udp
2501_915106321 天前
频繁迭代下完成iOS App应用上架App Store:一次快速交付项目的完整回顾
websocket·网络协议·tcp/ip·http·网络安全·https·udp
00后程序员张1 天前
免Mac上架实战:全平台iOS App上架流程的工具协作经验
websocket·网络协议·tcp/ip·http·网络安全·https·udp