Feign忽略Https的SSL最佳方案(且保证负载均衡将失效)

  • 同时解决Https的SSL证书验证问题和feign不支持Patch请求方法的问题

代码 1. 工具类 OkHttpUtils.java

java 复制代码
import javax.net.ssl.*;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

/**
 * @author Vania
 */
public class OkHttpUtils {
    /**
     * X509TrustManager instance which ignored SSL certification
     */
    public static final X509TrustManager IGNORE_SSL_TRUST_MANAGER_X509 = new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[]{};
        }
    };

    /**
     * Get initialized SSLContext instance which ignored SSL certification
     *
     * @return
     * @throws NoSuchAlgorithmException
     * @throws KeyManagementException
     */
    public static SSLContext getIgnoreInitedSslContext() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, new TrustManager[]{IGNORE_SSL_TRUST_MANAGER_X509}, new SecureRandom());
        return sslContext;
    }

    /**
     * Get HostnameVerifier which ignored SSL certification
     *
     * @return
     */
    public static HostnameVerifier getIgnoreSslHostnameVerifier() {
        return new HostnameVerifier() {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        };
    }
}

代码 2. 工具类 FeignConfiguration.java

java 复制代码
import feign.Client;
import feign.okhttp.OkHttpClient;
import lombok.extern.slf4j.Slf4j;
import org.springframework.cloud.netflix.ribbon.SpringClientFactory;
import org.springframework.cloud.openfeign.ribbon.CachingSpringLoadBalancerFactory;
import org.springframework.cloud.openfeign.ribbon.LoadBalancerFeignClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

@Slf4j
@Configuration
public class FeignConfiguration {

    /**
     * 解决 feign client 中https不安全的问题
     *
     * @param cachingFactory
     * @param clientFactory
     * @return
     */
    @Bean
    public Client feignClient(CachingSpringLoadBalancerFactory cachingFactory, SpringClientFactory clientFactory) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        // 此处必须为 new LoadBalancerFeignClient 否则负载均衡将失效(现象:消费者无法从注册中心获取服务提供者的ip)
        // 这个只能解决忽略https证书验证
        // return new LoadBalancerFeignClient(new Client.Default(SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build().getSocketFactory(), new NoopHostnameVerifier()),
        //        cachingFactory, clientFactory);
        // 使用okhttp 解决证书验证 和 Patch请求方法不支持的问题
        return new LoadBalancerFeignClient(new OkHttpClient(new okhttp3.OkHttpClient()
                .newBuilder()
                .sslSocketFactory(OkHttpUtils.getIgnoreInitedSslContext().getSocketFactory(), OkHttpUtils.IGNORE_SSL_TRUST_MANAGER_X509)
                .hostnameVerifier(OkHttpUtils.getIgnoreSslHostnameVerifier())
                .build()),
                cachingFactory, clientFactory);
    }
}
相关推荐
木子_lishk1 小时前
gateway 支持同时使用 https 和 http访问
https·gateway
跳跳的向阳花2 小时前
03-03、SpringCloud第三章,负载均衡Ribbon和Feign
spring cloud·ribbon·负载均衡
网络安全-老纪14 小时前
iOS应用网络安全之HTTPS
web安全·ios·https
lxkj_20241 天前
修改ffmpeg实现https-flv内容加密
网络协议·https·ffmpeg
千羽星弦1 天前
Apache和HTTPS证书的生成与安装
网络协议·https·apache
linweidong1 天前
MariaDB面试题及参考答案
linux·运维·数据库·负载均衡·dba·mariadb·后端面试
可涵不会debug2 天前
【Linux|计算机网络】HTTPS工作原理与安全机制详解
linux·网络协议·http·网络安全·https
hotlinhao2 天前
阿里云IIS虚拟主机部署ssl证书
阿里云·云计算·ssl
lu云之东2 天前
Harbor2.11.1生成自签证和配置HTTPS访问
网络协议·http·docker·https·harbor
helloWorldZMY2 天前
超文本传输协议(HTTP)与超文本传输安全协议(HTTPS)
网络协议·计算机网络·http·https