我正在尝试查找 WebClient 使用的示例。
我的目标是使用 Spring 5 WebClient 使用 https 和自签名证书查询 REST 服务
有什么例子吗?
问问题
54961 次
4 回答
40
看起来 Spring 5.1.1 (Spring boot 2.1.0) 已从 中删除HttpClientOptions,ReactorClientHttpConnector因此您无法在创建实例时配置选项ReactorClientHttpConnector
现在可行的一种选择是:
val sslContext = SslContextBuilder
.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.build()
val httpClient = HttpClient.create().secure { t -> t.sslContext(sslContext) }
val webClient = WebClient.builder().clientConnector(ReactorClientHttpConnector(httpClient)).build()
基本上在创建 HttpClient 时,我们正在配置不安全的 sslContext,然后将这个 httpClient 传递给ReactorClientHttpConnector全局使用。
另一个选项是配置TcpClient不安全的 sslContext 并使用它来创建HttpClient实例,如下图所示:
val sslContext = SslContextBuilder
.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.build()
val tcpClient = TcpClient.create().secure { sslProviderBuilder -> sslProviderBuilder.sslContext(sslContext) }
val httpClient = HttpClient.from(tcpClient)
val webClient = WebClient.builder().clientConnector(ReactorClientHttpConnector(httpClient)).build()
了解更多信息:
- https://docs.spring.io/spring/docs/5.1.1.RELEASE/spring-framework-reference/web-reactive.html#webflux-client-builder-reactor
- https://netty.io/4.0/api/io/netty/handler/ssl/util/InsecureTrustManagerFactory.html
更新:相同代码的Java版本
SslContext context = SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.build();
HttpClient httpClient = HttpClient.create().secure(t -> t.sslContext(context));
WebClient wc = WebClient
.builder()
.clientConnector(new ReactorClientHttpConnector(httpClient)).build();
于 2018-11-05T02:40:03.647 回答
37
请参阅使用不安全的 TrustManagerFactory的示例,该示例信任所有 X.509 证书(包括自签名证书)而无需任何验证。文档中的重要说明:
切勿在生产中使用此 TrustManagerFactory。它纯粹是为了测试目的,因此非常不安全。
@Bean
public WebClient createWebClient() throws SSLException {
SslContext sslContext = SslContextBuilder
.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.build();
ClientHttpConnector httpConnector = HttpClient.create().secure(t -> t.sslContext(sslContext) )
return WebClient.builder().clientConnector(httpConnector).build();
}
于 2017-08-01T14:54:23.913 回答
15
不得不编辑它,以适应 spring-boot 2.0->2.1 的变化。
另一种方法,如果你想编写生产代码,创建一个这样的spring bean,它修改注入的WebClient,使用来自spring-boot服务器的设置,用于信任库和密钥库的位置。在客户端,如果您使用的是 2-way-ssl,您只需要提供 Keystore。不确定,为什么 ssl-stuff 没有预先配置且易于注入,类似于非常酷的 spring-boot 服务器设置。
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
.
.
.
@Bean
WebClientCustomizer configureWebclient(@Value("${server.ssl.trust-store}") String trustStorePath, @Value("${server.ssl.trust-store-password}") String trustStorePass,
@Value("${server.ssl.key-store}") String keyStorePath, @Value("${server.ssl.key-store-password}") String keyStorePass, @Value("${server.ssl.key-alias}") String keyAlias) {
return (WebClient.Builder webClientBuilder) -> {
SslContext sslContext;
final PrivateKey privateKey;
final X509Certificate[] certificates;
try {
final KeyStore trustStore;
final KeyStore keyStore;
trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(new FileInputStream(ResourceUtils.getFile(keyStorePath)), keyStorePass.toCharArray());
List<Certificate> certificateList = Collections.list(trustStore.aliases())
.stream()
.filter(t -> {
try {
return trustStore.isCertificateEntry(t);
} catch (KeyStoreException e1) {
throw new RuntimeException("Error reading truststore", e1);
}
})
.map(t -> {
try {
return trustStore.getCertificate(t);
} catch (KeyStoreException e2) {
throw new RuntimeException("Error reading truststore", e2);
}
})
.collect(Collectors.toList());
certificates = certificateList.toArray(new X509Certificate[certificateList.size()]);
privateKey = (PrivateKey) keyStore.getKey(keyAlias, keyStorePass.toCharArray());
Certificate[] certChain = keyStore.getCertificateChain(keyAlias);
X509Certificate[] x509CertificateChain = Arrays.stream(certChain)
.map(certificate -> (X509Certificate) certificate)
.collect(Collectors.toList())
.toArray(new X509Certificate[certChain.length]);
sslContext = SslContextBuilder.forClient()
.keyManager(privateKey, keyStorePass, x509CertificateChain)
.trustManager(certificates)
.build();
HttpClient httpClient = HttpClient.create()
.secure(sslContextSpec -> sslContextSpec.sslContext(sslContext));
ClientHttpConnector connector = new ReactorClientHttpConnector(httpClient);
webClientBuilder.clientConnector(connector);
} catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException | UnrecoverableKeyException e) {
throw new RuntimeException(e);
}
};
}
这里是您使用 Webclient 的部分:
import org.springframework.web.reactive.function.client.WebClient;
@Component
public class ClientComponent {
public ClientComponent(WebClient.Builder webClientBuilder, @Value("${url}") String url) {
this.client = webClientBuilder.baseUrl(solrUrl).build();
}
}
于 2018-01-30T11:56:42.720 回答
0
对于那些可能坚持如何使用响应式 WebFlux webClient使用受 https 保护的 REST API 的人
你想创造两件事
- https 启用 REST API - https://github.com/mghutke/HttpsEnabled
- 另一个 REST API 作为具有 WebClient 的客户端来使用以上一个 - https://github.com/mghutke/HttpsClient
注意:请通过上述项目查看与上述两个 Spring Boot 应用程序共享的密钥库。并以编程方式添加了 keyManagerFactory 和 TrustManagerFactory。
于 2021-10-27T15:35:16.800 回答