报错信息:
ERROR javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 10.25.193.111 found
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 10.25.193.111 found
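这是 Feign 请求 HTTPS 接口时,SSL 证书校验失败报的错:服务端证书的 subjectAltName(SAN)中不包含 IP 地址 10.25.193.111。根本的解决办法是重新签发包含该 IP 的证书,或者改用证书中已有的域名来访问;如果证书由内部 CA 签发,应把该 CA 导入信任库,而不是信任所有证书。如果只是在测试环境中想临时忽略证书校验,可以采用下面这个方法(忽略校验后客户端无法确认服务端身份,连接可能被中间人窃听或篡改,不适合用于生产环境):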
// SearchClient: the Feign interface that declares the remote call.
/**
 * Declarative Feign client interface for the search service.
 *
 * <p>The interface carries no base URL or transport settings of its own; on this page those
 * are supplied where the proxy is built.
 */
public interface SearchClient {
/**
 * Sends {@code POST /testPost} and returns the response as a {@code JSONObject}.
 */
@RequestLine("POST /testPost")
JSONObject testPost();
}
import feign.Feign;
import feign.Logger;
import feign.Request;
import feign.codec.Encoder;
import feign.jackson.JacksonDecoder;
import feign.jackson.JacksonEncoder;
import feign.slf4j.Slf4jLogger;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import xxx.IgnoreHttpsSSLClient;
// Builds and initialises the SearchClient Feign proxy by hand (no @FeignClient annotation).
@Configuration
public class FeignConfig {

    /**
     * Creates the {@link SearchClient} proxy with Jackson encoding/decoding, SLF4J logging and
     * the transport client obtained from {@code ignoreHttpsSSLClient}.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The transport comes from {@code IgnoreHttpsSSLClient.feignClient()}, which on this
     *       page accepts any server certificate and any hostname, so the HTTPS connection to
     *       the target is encrypted but not authenticated.</li>
     *   <li>{@code Logger.Level.FULL} writes request and response headers and bodies to the
     *       log; anything sensitive carried in them (tokens, personal data) ends up there.</li>
     * </ul>
     *
     * @param ignoreHttpsSSLClient configuration object that supplies the Feign {@code Client}
     * @return a Feign proxy for {@code SearchClient} bound to {@code https://10.25.193.111:443/}
     */
    @Bean
    public SearchClient searchClient(IgnoreHttpsSSLClient ignoreHttpsSSLClient) {
        Feign.Builder builder = Feign.builder();
        builder.encoder(new JacksonEncoder());
        builder.decoder(new JacksonDecoder());
        // FULL logs headers and bodies of every exchange.
        builder.logLevel(Logger.Level.FULL);
        builder.logger(new Slf4jLogger(SearchClient.class));
        // Custom transport: certificate and hostname checks are decided by this client.
        builder.client(ignoreHttpsSSLClient.feignClient());
        // Connect timeout and read timeout, both 60000 ms.
        builder.options(new Request.Options(60000, 60000));
        return builder.target(SearchClient.class, "https://10.25.193.111:443/");
    }
}
import feign.Client;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
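/**
 * Supplies a Feign {@link Client} that performs NO server authentication: every certificate
 * chain is accepted and every hostname is considered a match.
 *
 * <p>Security impact: a connection made through this client is encrypted, but the peer is not
 * verified, so anyone able to intercept the traffic can present their own certificate and read
 * or alter requests and responses. Keep this to test environments. The error this page starts
 * from ("No subject alternative names matching IP address ...") means the server certificate
 * has no IP SAN for the address being called; the durable fix is to reissue the certificate
 * with that IP in its subjectAltName, or to call the service by a DNS name the certificate
 * already covers, and to load a private CA into a trust store instead of trusting everything.
 *
 * <p>NOTE(review): because this is a {@code @Configuration} class exposing a {@code Client}
 * bean, other Feign clients in the same application context may pick up this trust-all client
 * as well, not only the one host it was written for — confirm the scope before using it.
 */
@Configuration
public class IgnoreHttpsSSLClient {

    /**
     * Builds a Feign client whose socket factory trusts every certificate and whose hostname
     * verifier accepts every name.
     *
     * @return a {@code Client.Default} with certificate and hostname verification disabled
     * @throws IllegalStateException if the {@code SSLContext} cannot be created or initialised
     */
    @Bean
    @ConditionalOnMissingBean
    public Client feignClient() {
        try {
            // Request the standard "TLS" context rather than the legacy "SSL" name. The
            // protocol versions actually enabled are still decided by the JDK configuration.
            SSLContext ctx = SSLContext.getInstance("TLS");
            X509TrustManager trustAll = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    // Intentionally empty: no validation is performed.
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    // Intentionally empty: ANY server certificate is accepted, including
                    // expired, self-signed or attacker-issued ones.
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract asks for a non-null (possibly empty)
                    // array; returning null can trigger a NullPointerException in callers.
                    return new X509Certificate[0];
                }
            };
            ctx.init(null, new TrustManager[] {trustAll}, null);
            // The verifier returns true for every hostname, so name mismatches (such as the
            // missing IP SAN) are ignored as well.
            return new Client.Default(ctx.getSocketFactory(), (hostname, session) -> true);
        } catch (java.security.GeneralSecurityException e) {
            // Fail fast with the cause preserved. Returning null here would hide the failure
            // and surface later as an unrelated NullPointerException when the client is used.
            throw new IllegalStateException(
                    "Failed to initialise the SSLContext for the Feign client", e);
        }
    }
}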
我这里是手动创建的 SearchClient:如以上代码所示,把自定义的 Client 传入 SearchClient 的构建方法即可生效,忽略 SSL 证书校验。注意,此时证书链校验和主机名校验都被关闭了,客户端不再验证服务端的身份。
如果你的Feign是使用注解方式构建初始化的,可如下配置,例如:
/**
 * Annotation-driven Feign client for {@code https://10.25.193.111:443/}.
 *
 * <p>Client settings are taken from {@code TestFeignClientConfig}, which on this page supplies
 * a transport that skips certificate and hostname verification, so calls made through this
 * interface do not authenticate the server.
 *
 * <p>NOTE(review): {@code @RequestLine} is a native Feign annotation; with the default Spring
 * Cloud OpenFeign contract it is presumably not processed unless a {@code feign.Contract.Default}
 * bean is configured — confirm against the project setup.
 */
@FeignClient(value = "testFeignClient", url = "https://10.25.193.111:443/", configuration = TestFeignClientConfig.class)
public interface TestFeignClient {
/**
 * Sends {@code POST /testPost} and returns the response as a {@code JSONObject}.
 */
@RequestLine("POST /testPost")
JSONObject testPost();
}
/**
 * Feign configuration referenced by {@code TestFeignClient}; it swaps in the custom transport
 * client.
 */
public class TestFeignClientConfig {

    /**
     * Loads the custom {@code Client} from {@code IgnoreHttpsSSLClient}. The bean is only
     * registered when an {@code IgnoreHttpsSSLClient} bean exists.
     *
     * <p>On this page that client accepts any certificate and any hostname, so every Feign
     * client using this configuration talks to an unauthenticated peer.
     *
     * @param ignoreHttpsSSLClient configuration object that builds the Feign {@code Client}
     * @return the client produced by {@code ignoreHttpsSSLClient.feignClient()}
     */
    @Bean
    @ConditionalOnBean(IgnoreHttpsSSLClient.class)
    public Client generateClient(IgnoreHttpsSSLClient ignoreHttpsSSLClient) {
        Client customClient = ignoreHttpsSSLClient.feignClient();
        return customClient;
    }
}