使用 Spring RestTemplate 时忽略 SSL 证书验证 [英] Ignore SSL certificate validation when using Spring RestTemplate
本文介绍了使用 Spring RestTemplate 时忽略 SSL 证书验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在使用 Spring RestTemplate 发出 HTTPS 请求,我想忽略 SSL 证书
I am using Spring RestTemplate to make HTTPS requests, and I want to ignore SSL certificate
这是我创建 restTemplate 请求的代码:
Here is my code to create the restTemplate request:
TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String
authType) -> true;
SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
.loadTrustMaterial(null, acceptingTrustStrategy)
.build();
SSLConnectionSocketFactory csf = new
SSLConnectionSocketFactory(sslContext);
loseableHttpClient httpClient = HttpClients.custom()
.setSSLSocketFactory(csf)
.build();
HttpComponentsClientHttpRequestFactory requestFactory =
new HttpComponentsClientHttpRequestFactory();
requestFactory.setHttpClient(httpClient);
RestTemplate restTemplate = new RestTemplate(requestFactory);
...
response = restTemplate.exchange("https://192.168.1.2:/foo/bar",
HttpMethod.POST, entity,String.class);
当我使用服务器主机名时,此请求有效,但是当我使用服务器 IP 地址时出现以下异常:
This request works when I use the server hostname, But I get the following Exception when I use the server IP address:
Exception in thread "main"
org.springframework.web.client.ResourceAccessException: I/O error on POST
request for "https://192.168.1.2/foo/bar": Certificate for
<192.168.1.2> doesn't match any of the subject alternative names: [];
nested exception is javax.net.ssl.SSLPeerUnverifiedException: Certificate
for <192.168.1.2> doesn't match any of the subject alternative names: []
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for
<192.168.1.2> doesn't match any of the subject alternative names: []
推荐答案
@Bean
public RestTemplate restTemplate() throws GeneralSecurityException {
TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("https", sslsf).register("http", new PlainConnectionSocketFactory()).build();
BasicHttpClientConnectionManager connectionManager = new BasicHttpClientConnectionManager(
socketFactoryRegistry);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf)
.setConnectionManager(connectionManager).build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
RestTemplate restTemplate = new RestTemplate(requestFactory);
return restTemplate;
}
这篇关于使用 Spring RestTemplate 时忽略 SSL 证书验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文