Feign忽略Https的SSL最佳方案(且保证负载均衡将失效)

  • 同时解决Https的SSL证书验证问题和feign不支持Patch请求方法的问题

代码 1. 工具类 OkHttpUtils.java

java 复制代码
import javax.net.ssl.*;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

/**
 * @author Vania
 */
public class OkHttpUtils {
    /**
     * X509TrustManager instance which ignored SSL certification
     */
    public static final X509TrustManager IGNORE_SSL_TRUST_MANAGER_X509 = new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[]{};
        }
    };

    /**
     * Get initialized SSLContext instance which ignored SSL certification
     *
     * @return
     * @throws NoSuchAlgorithmException
     * @throws KeyManagementException
     */
    public static SSLContext getIgnoreInitedSslContext() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, new TrustManager[]{IGNORE_SSL_TRUST_MANAGER_X509}, new SecureRandom());
        return sslContext;
    }

    /**
     * Get HostnameVerifier which ignored SSL certification
     *
     * @return
     */
    public static HostnameVerifier getIgnoreSslHostnameVerifier() {
        return new HostnameVerifier() {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        };
    }
}

代码 2. 工具类 FeignConfiguration.java

java 复制代码
import feign.Client;
import feign.okhttp.OkHttpClient;
import lombok.extern.slf4j.Slf4j;
import org.springframework.cloud.netflix.ribbon.SpringClientFactory;
import org.springframework.cloud.openfeign.ribbon.CachingSpringLoadBalancerFactory;
import org.springframework.cloud.openfeign.ribbon.LoadBalancerFeignClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

@Slf4j
@Configuration
public class FeignConfiguration {

    /**
     * 解决 feign client 中https不安全的问题
     *
     * @param cachingFactory
     * @param clientFactory
     * @return
     */
    @Bean
    public Client feignClient(CachingSpringLoadBalancerFactory cachingFactory, SpringClientFactory clientFactory) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        // 此处必须为 new LoadBalancerFeignClient 否则负载均衡将失效(现象:消费者无法从注册中心获取服务提供者的ip)
        // 这个只能解决忽略https证书验证
        // return new LoadBalancerFeignClient(new Client.Default(SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build().getSocketFactory(), new NoopHostnameVerifier()),
        //        cachingFactory, clientFactory);
        // 使用okhttp 解决证书验证 和 Patch请求方法不支持的问题
        return new LoadBalancerFeignClient(new OkHttpClient(new okhttp3.OkHttpClient()
                .newBuilder()
                .sslSocketFactory(OkHttpUtils.getIgnoreInitedSslContext().getSocketFactory(), OkHttpUtils.IGNORE_SSL_TRUST_MANAGER_X509)
                .hostnameVerifier(OkHttpUtils.getIgnoreSslHostnameVerifier())
                .build()),
                cachingFactory, clientFactory);
    }
}
相关推荐
云飞云共享云桌面11 小时前
单机建模卡顿运维繁琐!中小型机械制造厂云飞云 3D 云桌面落地
运维·服务器·网络·3d·自动化·电脑·负载均衡
2501_9160088918 小时前
iOS 证书管理最佳实践 从创建到续期的完整指南
android·ios·小程序·https·uni-app·iphone·webview
spider_xcxc1 天前
告别单点故障:阿里云CLB负载均衡从入门到实战
阿里云·云计算·负载均衡
逆向编程2 天前
MySQL 负载均衡完整入门实战教程
mysql·adb·负载均衡
fen_fen2 天前
Docker部署PostgreSQL10 开启SSL和证书安装文档
docker·容器·ssl
2501_915918412 天前
PerfDog 太贵?iOS 性能监控工具的功能对比与选择
android·ios·小程序·https·uni-app·iphone·webview
weixin_545019322 天前
Nginx 配置SSL实现HTTPS访问
nginx·https·ssl
Token炼金师3 天前
服务的骨架:网关、负载均衡、容灾、弹性与多机房 —— 推理系统架构五柱
人工智能·系统架构·llm·负载均衡·容灾·kv cache·prefix cache
2501_915909063 天前
IPA 深度混淆是什么意思?从混淆强度到实际效果的解读
android·ios·小程序·https·uni-app·iphone·webview
全栈前端老曹3 天前
【MongoDB】安全与权限管理 —— 用户认证、角色权限、SSL 加密
前端·javascript·数据库·安全·mongodb·nosql·ssl