我正在努力解决基本问题,但无法理解它。我有一个春季启动应用程序,它应该暴露一个休息网址。
我这样做:
@RestController
@RequestMapping(value = "/api")
public class MdmhController {
@Resource
private MdmhClient mdmhClient;
@RequestMapping(
method = RequestMethod.GET,
value = "/myEntityNames",
produces = { MediaType.APPLICATION_JSON_UTF8_VALUE }
)
ResponseEntity<Iterable<String>> getMyEntityNames() {
MyEntity[] myEntities =
mdmhClient.getMyentitis();
Set<String> myEntityNames= new HashSet<>();
for (MyEntity me : myEntities ) {
myEntityNames.add(me.getName());
}
return new ResponseEntity<Iterable<String>>(myEntityNames, HttpStatus.OK);
}
}
正如您所看到的,它正在消耗我试图用假装客户端实现的另一项服务:
@Import(FeignClientsConfiguration.class)
@Component
public class MdmhClientImpl implements MdmhClient {
private final Decoder decoder;
private final Encoder encoder;
private MdmhClient mdmhClient;
@Value("${mdmh.serviceId}") // injected by sprins yaml e.g. url-to-service.com
private String mdmhServiceId;
@Autowired
public MdmhClientImpl(
final Decoder decoder, final Encoder encoder) {
this.decoder = decoder;
this.encoder = encoder;
}
@Override
public MyEntity[] getMyEntities() {
if (mdmhClient == null) {
mdmhClient = Feign.builder()
.encoder(encoder)
.decoder(decoder)
.client(new Client.Default(TrustingSSLSocketFactory.get(), null))
.target(MdmhClient.class, "https://" + mdmhServiceId);
}
return mdmhClient.getMyEntity();
}
}
界面如下:
@RestController
@RequestMapping(value = "/api")
public interface MdmhClient {
@RequestLine("GET mdmh/service/v2/myentities")
@Headers({ "accept: application/json" })
MyEntity[] getMyEntities();
}
当MdmhClient确实在mdmhClient.getEntity()来电时给我例外:
SunCertPathBuilderException: unable to find valid certification path to requested target.
我知道解决这个问题我需要将证书导入jre。我正在运行Intellij IDE并将项目的jdk路径设置为:
C:\Program Files\Java\jdk1.8.0_65
我还通过firefox访问了webservice:
https://url-to-service.com/mdmh/service/v2/myentities
并下载我导入的证书:
C:\Program Files\Java\jdk1.8.0_65\jre\lib\security\cacerts
但我仍然得到错误。出于沮丧,我将证书导入所有已安装的jdks,仍然相同。
并将其添加到我的MdmhClient中,如:
@Override
public MyEntity[] getMyEntities() {
if (mdmhClient == null) {
Client client = new Client.Default(
TrustingSSLSocketFactory.get(),
new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
mdmhClient = Feign.builder()
.encoder(encoder)
.decoder(decoder)
.client(new Client.Default(TrustingSSLSocketFactory.get(), null))
.target(MdmhClient.class, "https://" + mdmhServiceId);
}
return mdmhClient.getMyEntities();
}
在此之后我从我的被叫服务获得AccessDenied响应。
ERROR [081-exec-3] 17.08.17 08:26:28.868 org.apache.juli.logging.DirectJDKLog@log: Servlet.service() for servlet [dispatcherServlet] in context with path [/lic] threw exception [Request processing failed; nested exception is feign.FeignException: status 403 reading MdmhClient#getFamilyVersions(); content:
<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD>
<BODY>
<FONT f...
但我100%确定我不需要身份验证。因为我可以在不修改标题的情况下输入浏览器的URL并获得结果。
我希望你能帮助我或者给我一些提示如何解决这个问题。
谢谢
答案 0 :(得分:1)
看起来您的客户端正在通过代理服务器访问该服务。代理服务器需要身份验证,因此以403响应并使用不同的证书(链),因此导入从Web服务获得的证书并不起作用。
答案 1 :(得分:0)
您可以尝试使用以下替代方法
@Bean
public Client feignClient()
{
Client trustSSLSockets = new Client.Default(getSSLSocketFactory(), new NoopHostnameVerifier());
return trustSSLSockets;
}
private SSLSocketFactory getSSLSocketFactory() {
try {
TrustStrategy acceptingTrustStrategy = new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return true;
}
};
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
return sslContext.getSocketFactory();
} catch (Exception exception) {
}
return null;
}