SpringFeign客户端发送HTTPS请求绕过认证
Posted 九师兄
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了SpringFeign客户端发送HTTPS请求绕过认证相关的知识,希望对你有一定的参考价值。
1.概述
转载:https://www.jianshu.com/p/ea627708ab52
一个Spring Boot项目,为了使用Harbor仓库,起初通过Spring RestTemplate完成了对Harbor仓库的HTTPS请求,后想改为使用Feign客户端的方式请求Harbor仓库。
2.配置过程
1、pom文件依赖添加
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-openfeign</artifactId>
<version>2.2.1.RELEASE</version>
</dependency>
<dependency>
<groupId>io.github.openfeign</groupId>
<artifactId>feign-jackson</artifactId>
<version>9.3.1</version>
</dependency>
其中openfeign是必须的依赖,而feign-jackson依赖主要是为了配置Feign客户端的编码和解码以支持JSON字符串
2、创建Feign客户端
import feign.Headers;
import feign.Param;
import feign.RequestLine;
import org.springframework.cloud.openfeign.FeignClient;
@FeignClient(name="feignClient")
public interface FeignClient
@Headers("Content-Type: application/json", "Authorization: token")
@RequestLine("GET /api/users?username=username")
List<Map<String, Object>> getUsers(URI baseUri,
@Param("token") String token,
@Param("username") String username);
3、在Service中调用Feign客户端完成对Harbor仓库的请求
import feign.Feign;
import feign.Target;
import feign.jackson.JacksonDecoder;
import feign.jackson.JacksonEncoder;
import org.springframework.cloud.openfeign.FeignClientsConfiguration;
@Import(FeignClientsConfiguration.class)
@Service(value = "service")
public class ServiceImpl implements IService
private FeignClient feignClient;
public ServiceImpl ()
harborFeignClientV0 = Feign.builder().encoder(new JacksonEncoder())
.decoder(new JacksonDecoder()).target(Target.EmptyTarget.create(HarborFeignClientV0.class));
@Override
public List<Map<String, Object>> getUsers(DTO dTO)
String usersUrl = getBaseUrl(dTO);
try
SslUtils.ignoreSsl();
return harborFeignClientV0.getUsers(new URI(usersUrl), dTO.getToken(), dTO.getUsername());
catch (Exception e)
log.error("调用Harbor API错误:", e.getMessage());
throw new RuntimeException(e);
相比较于Feign客户端发送HTTP请求,这里只多了一行代码SslUtils.ignoreSsl();,通过这个工具类,所有的HTTPS请求将会绕过证书检查。
4、工具类SslUtils
参考:https://blog.csdn.net/qq_34836433/article/details/78539009
本次我是使用这种方式进行验证的。
public class SslUtils
private static void trustAllHttpsCertificates() throws Exception
TrustManager[] trustAllCerts = new TrustManager[1];
TrustManager tm = new miTM();
trustAllCerts[0] = tm;
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
static class miTM implements TrustManager,X509TrustManager
public X509Certificate[] getAcceptedIssuers()
return null;
public boolean isServerTrusted(X509Certificate[] certs)
return true;
public boolean isClientTrusted(X509Certificate[] certs)
return true;
public void checkServerTrusted(X509Certificate[] certs, String authType)
throws CertificateException
return;
public void checkClientTrusted(X509Certificate[] certs, String authType)
throws CertificateException
return;
/**
* 忽略HTTPS请求的SSL证书,必须在openConnection之前调用
* @throws Exception
*/
public static void ignoreSsl() throws Exception
HostnameVerifier hv = new HostnameVerifier()
public boolean verify(String urlHostName, SSLSession session)
System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
return true;
;
trustAllHttpsCertificates();
HttpsURLConnection.setDefaultHostnameVerifier(hv);
三、踩坑过程
1、绕开HTTPS认证的另一个方法
参考:https://blog.csdn.net/Chipslyc/article/details/98851831
通过自己配置Feign客户端的配置绕开HTTPS认证检查,添加依赖和Feign客户端配置之后行不通,首先在添加依赖的时候,导致了好几次项目跑不起来;其次都配置好之后发送HTTPS请求时还是报错PKIX path building failed
2、依赖依赖之后单元测试无法正常启动
参考:http://www.lzhpo.com/article/93
启动单元测试报错Command line is too long
以上是关于SpringFeign客户端发送HTTPS请求绕过认证的主要内容,如果未能解决你的问题,请参考以下文章
如何在 .Net C# 中绕过 SSL 证书进行 HTTPS SOAP 请求?
SpringFeign 的 Hystrix 熔断器出现 timed-out and no fallback available 错误