【问题标题】:SpringBoot: FeignClient with SSL (p12)SpringBoot:使用 SSL 的 FeignClient (p12)
【发布时间】:2017-04-12 17:42:16
【问题描述】:

我正在尝试为一个使用 SSL 的外部 HTTP API 创建 FeignClient。 斗争是 - 如何用我的逻辑修改默认的 Spring FeignClient,在这种情况下是 SSL Connection Factory。所以基本上我想保留 Spring 自动为 FeignClients 做的所有好事,比如 Hystrix、Sleuth 跟踪等,并让它与我的 SSL 工厂一起工作。

将不胜感激任何建议。


这是我尝试做的:

我尝试在 ComponentScan 之外提供自定义 @Configuration:

@Configuration
public class CustomFeignConfiguration
{
    @Bean
    public Feign.Builder feignBuilder()
    {
        Client trustSSLSockets = new Client.Default(
                TrustingSSLSocketFactory.get("server1"),
                new NoopHostnameVerifier());

        log.info("feignBuilder called");
        return Feign.builder().client(trustSSLSockets);
    }
...
}

通过注解让FeignClient使用

    @FeignClient(name = "sslClient", configuration = CustomFeignConfiguration.class, url = "https://...")

“TrustingSSLSocketFactory”的实现类似于this

现在,如果我在 Spring 应用程序中注入我的客户端,我可以看到“feignBuilder”被调用并且它成功加载了我的密钥。问题是创建的客户端实际上并未将指定的 SSLFactory 用于 createSocket 调用。所以我得到:

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_72]
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[na:1.8.0_72]
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) ~[na:1.8.0_72]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) ~[na:1.8.0_72]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_72]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[na:1.8.0_72]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[na:1.8.0_72]
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) ~[na:1.8.0_72]
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[na:1.8.0_72]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513) ~[na:1.8.0_72]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) ~[na:1.8.0_72]
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) ~[na:1.8.0_72]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338) ~[na:1.8.0_72]
    at feign.Client$Default.convertResponse(Client.java:152) ~[feign-core-9.3.1.jar:na]

【问题讨论】:

  • 你能通过 git 分享你的代码示例吗?

标签: java ssl spring-boot spring-cloud feign


【解决方案1】:

创建Client,因为它是自己的@Bean,而不是构建器的一部分。 builder.client(client) 稍后被调用,覆盖您在创建构建器时设置的客户端。

所以

@Bean
public Client feignClient()
{
    Client trustSSLSockets = new Client.Default(
            TrustingSSLSocketFactory.get("server1"),
            new NoopHostnameVerifier());

    log.info("feignClient called");
    return trustSSLSockets;
}

【讨论】:

    【解决方案2】:

    我做了这样的事情来达到我的目的-

    @Bean
    public Client feignClient()
    {
        Client trustSSLSockets = new Client.Default(getSSLSocketFactory(), new NoopHostnameVerifier());
        log.info("feignClient called"); 
        return trustSSLSockets;
    }
    
    
    private SSLSocketFactory getSSLSocketFactory() {
        try {
        TrustStrategy acceptingTrustStrategy = new TrustStrategy() {
            @Override
            public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                //Do your validations
                return true;
            }
            };
    
            SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
            return sslContext.getSocketFactory();
        } catch (Exception exception) {
            throw new RuntimeException(exception);
        }
    }
    

    【讨论】:

    • @xomoni,已经存在 org.apache.http.conn.ssl.TrustAllStrategy()
    猜你喜欢
    • 2021-07-15
    • 2018-06-24
    • 2016-08-15
    • 2020-06-21
    • 1970-01-01
    • 2012-03-31
    • 2020-05-06
    • 2017-09-30
    • 2021-06-22
    相关资源
    最近更新 更多