【Spring】Feign客户端发送HTTPS请求绕过认证

x33g5p2x  于2022-03-08 转载在 Spring  
字(3.5k)|赞(0)|评价(0)|浏览(516)

1.概述

转载:https://www.jianshu.com/p/ea627708ab52

一个Spring Boot项目,为了使用Harbor仓库,起初通过Spring RestTemplate完成了对Harbor仓库的HTTPS请求,后想改为使用Feign客户端的方式请求Harbor仓库。

2.配置过程

1、pom文件依赖添加

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-openfeign</artifactId>
    <version>2.2.1.RELEASE</version>
</dependency>
<dependency>
    <groupId>io.github.openfeign</groupId>
    <artifactId>feign-jackson</artifactId>
    <version>9.3.1</version>
</dependency>

其中openfeign是必须的依赖,而feign-jackson依赖主要是为了配置Feign客户端的编码和解码以支持JSON字符串

2、创建Feign客户端

import feign.Headers;
import feign.Param;
import feign.RequestLine;
import org.springframework.cloud.openfeign.FeignClient;

@FeignClient(name="feignClient")
public interface FeignClient {

    @Headers({"Content-Type: application/json", "Authorization: {token}"})
    @RequestLine("GET /api/users?username={username}")
    List<Map<String, Object>> getUsers(URI baseUri,
                                       @Param("token") String token,
                                       @Param("username") String username);
}

3、在Service中调用Feign客户端完成对Harbor仓库的请求

import feign.Feign;
import feign.Target;
import feign.jackson.JacksonDecoder;
import feign.jackson.JacksonEncoder;
import org.springframework.cloud.openfeign.FeignClientsConfiguration;

@Import(FeignClientsConfiguration.class)
@Service(value = "service")
public class ServiceImpl implements IService {
      private FeignClient feignClient;
      public ServiceImpl () {
            harborFeignClientV0 = Feign.builder().encoder(new JacksonEncoder())
                    .decoder(new JacksonDecoder()).target(Target.EmptyTarget.create(HarborFeignClientV0.class));
      }

     @Override
    public List<Map<String, Object>> getUsers(DTO dTO){
        String usersUrl = getBaseUrl(dTO);
        try {
            SslUtils.ignoreSsl();
            return harborFeignClientV0.getUsers(new URI(usersUrl), dTO.getToken(), dTO.getUsername());
        } catch (Exception e){
            log.error("调用Harbor API错误:", e.getMessage());
            throw new RuntimeException(e);
        }
    }
}

相比较于Feign客户端发送HTTP请求,这里只多了一行代码SslUtils.ignoreSsl();,通过这个工具类,所有的HTTPS请求将会绕过证书检查。

4、工具类SslUtils

参考:https://blog.csdn.net/qq_34836433/article/details/78539009

本次我是使用这种方式进行验证的。

public class SslUtils {
    private static void trustAllHttpsCertificates() throws Exception {
        TrustManager[] trustAllCerts = new TrustManager[1];
        TrustManager tm = new miTM();
        trustAllCerts[0] = tm;
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    }

    static class miTM implements TrustManager,X509TrustManager {
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        public boolean isServerTrusted(X509Certificate[] certs) {
            return true;
        }

        public boolean isClientTrusted(X509Certificate[] certs) {
            return true;
        }

        public void checkServerTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            return;
        }

        public void checkClientTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            return;
        }
    }

    /**
     * 忽略HTTPS请求的SSL证书,必须在openConnection之前调用
     * @throws Exception
     */
    public static void ignoreSsl() throws Exception{
        HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
                System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
                return true;
            }
        };
        trustAllHttpsCertificates();
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    }

三、踩坑过程

1、绕开HTTPS认证的另一个方法
参考:https://blog.csdn.net/Chipslyc/article/details/98851831
通过自己配置Feign客户端的配置绕开HTTPS认证检查,添加依赖和Feign客户端配置之后行不通,首先在添加依赖的时候,导致了好几次项目跑不起来;其次都配置好之后发送HTTPS请求时还是报错PKIX path building failed

2、依赖依赖之后单元测试无法正常启动
参考:http://www.lzhpo.com/article/93

启动单元测试报错Command line is too long

相关文章