现象
背景
项目内部服务之间使用openfeign通过eureka注册中心进行服务间调用,与外部通过http直接调用。外部调用某个业务方提供的接口需要证书校验,因对方未提供证书故设置了忽略证书校验代码如下
java
@Configuration
public class IgnoreHttpsSSLClient {
@Bean
@ConditionalOnMissingBean
public Client feignClient(CachingSpringLoadBalancerFactory cachingFactory,
SpringClientFactory clientFactory) throws NoSuchAlgorithmException, KeyManagementException {
SSLContext ctx = SSLContext.getInstance("SSL");
X509TrustManager tm = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
return new LoadBalancerFeignClient(new Client.Default(ctx.getSocketFactory(),
new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
// TODO Auto-generated method stub
return true;
}
}),
cachingFactory, clientFactory);
}
}看着没毛病,但@Configuration注解其实是对所有的feignclient都做了忽略证书处理。不过不要紧,因为其他服务都不需要证书,如此,程序运行了很久,终于一次架构升级的需求到来,开发人员升级完版本上述代码出现了编译错误,因时间久远某些jar发生了变更,不得已开发人员删除了部分内容,更新了代码然后没经过充分测试上线了,bug如期产生了,更新代码如下
java
@Configuration
public class IgnoreFeignHttpsSSLClient {
@Bean
@ConditionalOnMissingBean
public Client feignClient() {
try {
SSLContext ctx = SSLContext.getInstance("SSL");
X509TrustManager tm = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
return new Client.Default(ctx.getSocketFactory(), (hostname, session) -> true);
} catch (Exception e) {
return null;
}
}
}给各位3s秒钟能看出问题么,好了公布答案feignclient 由LoadBalancerFeignClient 更改成了默认feignclient导致服务间调用全都走http调用所以报了java.net.UnknownHostException。
解决方法
产生问题根本原因是应用@configuration注解作用了所有feignclient,那解决方案很简单删掉这个注解即可。