springboot httpclient调用第三方https接口 忽略ssl
时间: 2023-07-21 11:01:49 浏览: 465
### 回答1:
Spring Boot中使用HttpClient调用第三方HTTPS接口,并忽略SSL证书验证,可以通过以下步骤来实现:
1. 导入HttpClient和SSL相关的依赖:
在pom.xml文件中添加以下依赖:
```xml
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.13</version>
</dependency>
<dependency>
<groupId>javax.net.ssl</groupId>
<artifactId>javax.net.ssl.HttpsURLConnection</artifactId>
<version>1.0.0</version>
</dependency>
```
2. 创建忽略SSL验证的HttpClient对象:
```java
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClients;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class HttpClientUtil {
public HttpClient createIgnoreSSLHttpClient() throws Exception {
SSLContext sslContext = SSLContext.getInstance("TLS");
X509TrustManager trustManager = new X509TrustManager() {
public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException {
}
public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException {
}
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[0];
}
};
sslContext.init(null, new TrustManager[]{trustManager}, null);
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
RequestConfig reqConfig = RequestConfig.custom().setSocketTimeout(120 * 1000).setConnectTimeout(120 * 1000).build();
HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).setDefaultRequestConfig(reqConfig).build();
return httpClient;
}
}
```
3. 使用创建的HttpClient对象发送HTTPS请求:
```java
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
public class HttpsClientExample {
public static void main(String[] args) throws Exception {
HttpClientUtil httpClientUtil = new HttpClientUtil();
CloseableHttpClient httpClient = (CloseableHttpClient) httpClientUtil.createIgnoreSSLHttpClient();
HttpGet httpGet = new HttpGet("https://example.com/api");
CloseableHttpResponse response = httpClient.execute(httpGet);
String responseBody = EntityUtils.toString(response.getEntity(), "UTF-8");
System.out.println(responseBody);
response.close();
httpClient.close();
}
}
```
以上就是使用Spring Boot中的HttpClient实现忽略SSL证书的步骤。总结起来,主要包括导入相关依赖,创建忽略SSL验证的HttpClient对象,以及使用该对象发送HTTPS请求。
### 回答2:
Spring Boot中使用HttpClient调用第三方HTTPS接口时,如果忽略SSL证书验证,可以按照以下方法进行操作。
首先,需要在Spring Boot的配置文件application.properties中添加以下配置:
```plaintext
# 忽略SSL证书验证
spring.main.allow-bean-definition-overriding=true
```
然后,创建一个自定义的HttpClientConfig类,用于配置并创建HttpClient对象:
```java
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.net.ssl.SSLContext;
@Configuration
public class HttpClientConfig {
@Value("${httpclient.ssl.ignore-ssl}")
private boolean ignoreSSL;
@Bean
@ConditionalOnProperty(name = "httpclient.ssl.ignore-ssl", havingValue = "true")
public HttpClient httpClient() throws Exception {
if (ignoreSSL) {
SSLContext sslContext = SSLContextBuilder.create()
.loadTrustMaterial((chain, authType) -> true)
.build();
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
return HttpClients.custom()
.setSSLSocketFactory(sslConnectionSocketFactory)
.setDefaultRequestConfig(requestConfig())
.build();
} else {
return HttpClients.createDefault();
}
}
private RequestConfig requestConfig() {
return RequestConfig.custom()
.setConnectTimeout(5000)
.setSocketTimeout(5000)
.build();
}
}
```
最后,在需要调用第三方HTTPS接口的地方注入HttpClient对象,并使用该对象进行接口调用即可:
```java
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.util.EntityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@Service
public class HttpService {
@Autowired
private HttpClient httpClient;
public String getResponse(String url) throws Exception {
HttpGet httpGet = new HttpGet(url);
HttpResponse httpResponse = httpClient.execute(httpGet);
return EntityUtils.toString(httpResponse.getEntity());
}
}
```
以上就是使用Spring Boot的HttpClient调用第三方HTTPS接口并忽略SSL证书验证的方法。请注意,忽略SSL证书验证可能存在安全风险,建议在生产环境中谨慎使用。
阅读全文