- 同时解决Https的SSL证书验证问题和feign不支持Patch请求方法的问题
代码 1. 工具类 OkHttpUtils.java
import javax.net.ssl.*;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
/**
* @author Vania
*/
public class OkHttpUtils {
/**
* X509TrustManager instance which ignored SSL certification
*/
public static final X509TrustManager IGNORE_SSL_TRUST_MANAGER_X509 = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[]{};
}
};
/**
* Get initialized SSLContext instance which ignored SSL certification
*
* @return
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
*/
public static SSLContext getIgnoreInitedSslContext() throws NoSuchAlgorithmException, KeyManagementException {
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, new TrustManager[]{IGNORE_SSL_TRUST_MANAGER_X509}, new SecureRandom());
return sslContext;
}
/**
* Get HostnameVerifier which ignored SSL certification
*
* @return
*/
public static HostnameVerifier getIgnoreSslHostnameVerifier() {
return new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
};
}
}
代码 2. 工具类 FeignConfiguration.java
import feign.Client;
import feign.okhttp.OkHttpClient;
import lombok.extern.slf4j.Slf4j;
import org.springframework.cloud.netflix.ribbon.SpringClientFactory;
import org.springframework.cloud.openfeign.ribbon.CachingSpringLoadBalancerFactory;
import org.springframework.cloud.openfeign.ribbon.LoadBalancerFeignClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
@Slf4j
@Configuration
public class FeignConfiguration {
/**
* 解决 feign client 中https不安全的问题
*
* @param cachingFactory
* @param clientFactory
* @return
*/
@Bean
public Client feignClient(CachingSpringLoadBalancerFactory cachingFactory, SpringClientFactory clientFactory) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
// 此处必须为 new LoadBalancerFeignClient 否则负载均衡将失效(现象:消费者无法从注册中心获取服务提供者的ip)
// 这个只能解决忽略https证书验证
// return new LoadBalancerFeignClient(new Client.Default(SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build().getSocketFactory(), new NoopHostnameVerifier()),
// cachingFactory, clientFactory);
// 使用okhttp 解决证书验证 和 Patch请求方法不支持的问题
return new LoadBalancerFeignClient(new OkHttpClient(new okhttp3.OkHttpClient()
.newBuilder()
.sslSocketFactory(OkHttpUtils.getIgnoreInitedSslContext().getSocketFactory(), OkHttpUtils.IGNORE_SSL_TRUST_MANAGER_X509)
.hostnameVerifier(OkHttpUtils.getIgnoreSslHostnameVerifier())
.build()),
cachingFactory, clientFactory);
}
}
文章来源地址https://www.toymoban.com/news/detail-647177.html
文章来源:https://www.toymoban.com/news/detail-647177.html
到了这里,关于Feign忽略Https的SSL最佳方案(且保证负载均衡将失效)的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!