我在我的应用程序中使用Spring RestTemplate来访问外部Web服务。但是,此Web服务已启用SSL,具有自签名证书(域等等)也无效。这只是在本地网络上,所以我不必担心一些安全问题。我想让Spring接受这个证书。这就是我到目前为止所做的:
1。)我已将JBOSS 7配置为使用此密钥库
<connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" enable-lookups="false" secure="true">
<ssl name="ssl" key-alias="my-private-key" password="rmi+ssl" certificate-key-file="../standalone/configuration/server-keystore.jks" protocol="TLSv1" verify-client="false"/>
</connector>
2.。)这是我的RestTemplate Bean的配置(我在我的课程中使用自动装配)
<bean id="stringHttpConverter" class="org.springframework.http.converter.StringHttpMessageConverter"></bean>
<bean id="httpClientParams" class="org.apache.commons.httpclient.params.HttpClientParams">
<property name="authenticationPreemptive" value="true"/>
<property name="connectionManagerClass" value="org.apache.commons.httpclient.MultiThreadedHttpConnectionManager"/>
</bean>
<bean id="httpClient" class="org.apache.commons.httpclient.HttpClient">
<constructor-arg ref="httpClientParams"/>
</bean>
<bean id="httpClientFactory" class="org.springframework.http.client.CommonsClientHttpRequestFactory">
<constructor-arg ref="httpClient"/>
</bean>
<bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
<constructor-arg ref="httpClientFactory"/>
<property name="messageConverters">
<list>
<!-- <ref bean="marshallingConverter" /> -->
<ref bean="stringHttpConverter" />
</list>
</property>
</bean>
我已将服务器证书导入密钥库,它肯定在那里。还有什么我需要做的?我已经在这里检查了所有类似的问题,但没有一个有帮助。感谢。
答案 0 :(得分:2)
您在jboss-web连接器中指定的server-keystore.jks仅用作传入连接的服务器证书。
对于出站连接,JBoss的行为与任何其他Java客户端一样,因此您需要将服务器证书导入到默认的Java信任库中。您可以使用默认的%JAVA_HOME%\ lib \ security \ cacerts,并使用以下命令导入服务器证书:
keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias mycert -file mycert.cer
如果您不想编辑默认cacerts,可以通过设置系统属性来定义备用信任库,如:Java client certificates over HTTPS/SSL中所述。
第三种方法是覆盖https ProtocolSocketFactory,使其接受所有证书,例如:http://drumcoder.co.uk/blog/2011/mar/30/httpclient-self-signed-certificates/
答案 1 :(得分:0)
我做了一个简单的方法:
static HttpComponentsClientHttpRequestFactory requestFactory = null;
/**
*
* @return
*/
public static ServerProperties getServerProperties() {
return serverProperties;
}
/**
* @return
*/
public static HttpComponentsClientHttpRequestFactory getRequestFactory() {
if (requestFactory == null) {
TrustStrategy acceptingTrustStrategy = new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
return true;
}
};
SSLContext sslContext = null;
try {
sslContext = org.apache.http.ssl.SSLContexts.custom()
.loadTrustMaterial(null, acceptingTrustStrategy)
.build();
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);
CloseableHttpClient httpClient = HttpClients.custom()
.setSSLSocketFactory(csf)
.build();
requestFactory = new HttpComponentsClientHttpRequestFactory();
requestFactory.setHttpClient(httpClient);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
}
}
return requestFactory;
}
然后当我实例restTemplate:
RestTemplate restTemplate = new RestTemplate(getRequestFactory());
简单。