【Spring】Feign客户端发送HTTPS请求绕过认证

x33g5p2x  于2022-03-08 转载在 Spring  
字(3.5k)|赞(0)|评价(0)|浏览(642)

1.概述

转载:https://www.jianshu.com/p/ea627708ab52

一个Spring Boot项目,为了使用Harbor仓库,起初通过Spring RestTemplate完成了对Harbor仓库的HTTPS请求,后想改为使用Feign客户端的方式请求Harbor仓库。

2.配置过程

1、pom文件依赖添加

  1. <dependency>
  2.     <groupId>org.springframework.cloud</groupId>
  3.     <artifactId>spring-cloud-starter-openfeign</artifactId>
  4.     <version>2.2.1.RELEASE</version>
  5. </dependency>
  6. <dependency>
  7.     <groupId>io.github.openfeign</groupId>
  8.     <artifactId>feign-jackson</artifactId>
  9.     <version>9.3.1</version>
  10. </dependency>

其中openfeign是必须的依赖,而feign-jackson依赖主要是为了配置Feign客户端的编码和解码以支持JSON字符串

2、创建Feign客户端

  1. import feign.Headers;
  2. import feign.Param;
  3. import feign.RequestLine;
  4. import org.springframework.cloud.openfeign.FeignClient;
  6. @FeignClient(name="feignClient")
  7. public interface FeignClient {
  9.     @Headers({"Content-Type: application/json", "Authorization: {token}"})
  10.     @RequestLine("GET /api/users?username={username}")
  11.     List<Map<String, Object>> getUsers(URI baseUri,
  12.                                        @Param("token") String token,
  13.                                        @Param("username") String username);
  14. }

3、在Service中调用Feign客户端完成对Harbor仓库的请求

  1. import feign.Feign;
  2. import feign.Target;
  3. import feign.jackson.JacksonDecoder;
  4. import feign.jackson.JacksonEncoder;
  5. import org.springframework.cloud.openfeign.FeignClientsConfiguration;
  7. @Import(FeignClientsConfiguration.class)
  8. @Service(value = "service")
  9. public class ServiceImpl implements IService {
  10.       private FeignClient feignClient;
  11.       public ServiceImpl () {
  12.             harborFeignClientV0 = Feign.builder().encoder(new JacksonEncoder())
  13.                     .decoder(new JacksonDecoder()).target(Target.EmptyTarget.create(HarborFeignClientV0.class));
  14.       }
  16.      @Override
  17.     public List<Map<String, Object>> getUsers(DTO dTO){
  18.         String usersUrl = getBaseUrl(dTO);
  19.         try {
  20.             SslUtils.ignoreSsl();
  21.             return harborFeignClientV0.getUsers(new URI(usersUrl), dTO.getToken(), dTO.getUsername());
  22.         } catch (Exception e){
  23.             log.error("调用Harbor API错误:", e.getMessage());
  24.             throw new RuntimeException(e);
  25.         }
  26.     }
  27. }

相比较于Feign客户端发送HTTP请求,这里只多了一行代码SslUtils.ignoreSsl();,通过这个工具类,所有的HTTPS请求将会绕过证书检查。

4、工具类SslUtils

参考:https://blog.csdn.net/qq_34836433/article/details/78539009

本次我是使用这种方式进行验证的。

  1. public class SslUtils {
  2.     private static void trustAllHttpsCertificates() throws Exception {
  3.         TrustManager[] trustAllCerts = new TrustManager[1];
  4.         TrustManager tm = new miTM();
  5.         trustAllCerts[0] = tm;
  6.         SSLContext sc = SSLContext.getInstance("SSL");
  7.         sc.init(null, trustAllCerts, null);
  8.         HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
  9.     }
  11.     static class miTM implements TrustManager,X509TrustManager {
  12.         public X509Certificate[] getAcceptedIssuers() {
  13.             return null;
  14.         }
  16.         public boolean isServerTrusted(X509Certificate[] certs) {
  17.             return true;
  18.         }
  20.         public boolean isClientTrusted(X509Certificate[] certs) {
  21.             return true;
  22.         }
  24.         public void checkServerTrusted(X509Certificate[] certs, String authType)
  25.                 throws CertificateException {
  26.             return;
  27.         }
  29.         public void checkClientTrusted(X509Certificate[] certs, String authType)
  30.                 throws CertificateException {
  31.             return;
  32.         }
  33.     }
  35.     /**
  36.      * 忽略HTTPS请求的SSL证书,必须在openConnection之前调用
  37.      * @throws Exception
  38.      */
  39.     public static void ignoreSsl() throws Exception{
  40.         HostnameVerifier hv = new HostnameVerifier() {
  41.             public boolean verify(String urlHostName, SSLSession session) {
  42.                 System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
  43.                 return true;
  44.             }
  45.         };
  46.         trustAllHttpsCertificates();
  47.         HttpsURLConnection.setDefaultHostnameVerifier(hv);
  48.     }

三、踩坑过程

1、绕开HTTPS认证的另一个方法
参考:https://blog.csdn.net/Chipslyc/article/details/98851831
通过自己配置Feign客户端的配置绕开HTTPS认证检查,添加依赖和Feign客户端配置之后行不通,首先在添加依赖的时候,导致了好几次项目跑不起来;其次都配置好之后发送HTTPS请求时还是报错PKIX path building failed

2、依赖依赖之后单元测试无法正常启动
参考:http://www.lzhpo.com/article/93

启动单元测试报错Command line is too long

版权说明 : 本文为转载文章, 版权归原作者所有 版权申明

原文链接 : https://blog.csdn.net/qq_21383435/article/details/123338845

内容来源于网络,如有侵权,请联系作者删除!

Javaspringhttps

相关文章

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新文章

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com