Feign忽略Https的SSL最佳方案(且保证负载均衡将失效)

  • 同时解决Https的SSL证书验证问题和feign不支持Patch请求方法的问题

代码 1. 工具类 OkHttpUtils.java

java 复制代码
import javax.net.ssl.*;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

/**
 * @author Vania
 */
public class OkHttpUtils {
    /**
     * X509TrustManager instance which ignored SSL certification
     */
    public static final X509TrustManager IGNORE_SSL_TRUST_MANAGER_X509 = new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[]{};
        }
    };

    /**
     * Get initialized SSLContext instance which ignored SSL certification
     *
     * @return
     * @throws NoSuchAlgorithmException
     * @throws KeyManagementException
     */
    public static SSLContext getIgnoreInitedSslContext() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, new TrustManager[]{IGNORE_SSL_TRUST_MANAGER_X509}, new SecureRandom());
        return sslContext;
    }

    /**
     * Get HostnameVerifier which ignored SSL certification
     *
     * @return
     */
    public static HostnameVerifier getIgnoreSslHostnameVerifier() {
        return new HostnameVerifier() {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        };
    }
}

代码 2. 工具类 FeignConfiguration.java

java 复制代码
import feign.Client;
import feign.okhttp.OkHttpClient;
import lombok.extern.slf4j.Slf4j;
import org.springframework.cloud.netflix.ribbon.SpringClientFactory;
import org.springframework.cloud.openfeign.ribbon.CachingSpringLoadBalancerFactory;
import org.springframework.cloud.openfeign.ribbon.LoadBalancerFeignClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

@Slf4j
@Configuration
public class FeignConfiguration {

    /**
     * 解决 feign client 中https不安全的问题
     *
     * @param cachingFactory
     * @param clientFactory
     * @return
     */
    @Bean
    public Client feignClient(CachingSpringLoadBalancerFactory cachingFactory, SpringClientFactory clientFactory) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        // 此处必须为 new LoadBalancerFeignClient 否则负载均衡将失效(现象:消费者无法从注册中心获取服务提供者的ip)
        // 这个只能解决忽略https证书验证
        // return new LoadBalancerFeignClient(new Client.Default(SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build().getSocketFactory(), new NoopHostnameVerifier()),
        //        cachingFactory, clientFactory);
        // 使用okhttp 解决证书验证 和 Patch请求方法不支持的问题
        return new LoadBalancerFeignClient(new OkHttpClient(new okhttp3.OkHttpClient()
                .newBuilder()
                .sslSocketFactory(OkHttpUtils.getIgnoreInitedSslContext().getSocketFactory(), OkHttpUtils.IGNORE_SSL_TRUST_MANAGER_X509)
                .hostnameVerifier(OkHttpUtils.getIgnoreSslHostnameVerifier())
                .build()),
                cachingFactory, clientFactory);
    }
}
相关推荐
‍。。。1 小时前
使用Rust实现http/https正向代理
http·https·rust
田三番19 小时前
使用 vscode 简单配置 ESP32 连接 Wi-Fi 每日定时发送 HTTP 和 HTTPS 请求
单片机·物联网·http·https·嵌入式·esp32·sntp
田猿笔记1 天前
RabbitMQ 实现消息队列负载均衡
分布式·rabbitmq·负载均衡
软件技术员1 天前
acmessl.cn推荐一款好用的免费申请ssl证书的平台
网络·网络协议·ssl
Dxy12393102162 天前
python使用requests发送请求ssl错误
开发语言·python·ssl
恒创科技HK2 天前
ssh和ssl的区别在哪些方面?
运维·ssh·ssl
圈圈的熊2 天前
HTTP 和 HTTPS 的区别
前端·网络协议·http·https
凉忆-2 天前
nginx安装ssl模块教程
运维·nginx·ssl
小黄编程快乐屋3 天前
HTTP和HTTPS的区别
网络协议·http·https
GDDGHS_3 天前
HTTP和HTTPS 的作用和应用场景 (python 爬虫简单入门)
爬虫·python·网络协议·http·https