如何避免spring-boot-admin中的证书验证？-Java 学习之路

以什么方式可以避免spring-boot-admin中的证书验证？

我配置RestTemplate以避免类中的证书，但我不知道如何发送它，我想它必须在客户端，spring-boot-admin-starter-client自动工作 .

这是避免证书验证的代码 .

public class SSLUtil {

    public RestTemplate getRestTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        TrustStrategy acceptingTrustStrategy = new TrustStrategy() {
            @Override
            public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                return true;
            }
        };
        SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy)
                .build();
        SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
        CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(httpClient);
        RestTemplate restTemplate = new RestTemplate(requestFactory);
        return restTemplate;
    }

}

Application.properties

spring.application.name =管理员应用中

server.port = 1111

security.user.name =管理员

security.user.password =为admin123

@Configuration
    public static class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Page with login form is served as /login.html and does a POST on
            // /login
            http.formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll();
            // The UI does a POST on /logout on logout
            http.logout().logoutUrl("/logout");
            // The ui currently doesn't support csrf
            http.csrf().disable().authorizeRequests()

                    // Requests for the login page and the static assets are
                    // allowed
                    // http.authorizeRequests()
                    .antMatchers("/login.html", "/**/*.css", "/img/**", "/third-party/**").permitAll();
            // ... and any other request needs to be authorized
            http.authorizeRequests().antMatchers("/**").authenticated();

            // Enable so that the clients can authenticate via HTTP basic for
            // registering
            http.httpBasic();
        }
    }

1 回答

尝试http.csrf（） . disable（） . authorizeRequests（）上面的代码将禁用csrf令牌 . 下面是我的OAuth代码，我禁用了csrf以降低复杂性 .

@RestController
@EnableOAuth2Sso
@EnableResourceServer
@SpringBootApplication
public class SpringBootWebApplication extends WebSecurityConfigurerAdapter {
            @Override
            protected void configure(HttpSecurity http) throws Exception {

                http.csrf().disable().authorizeRequests()

                        .antMatchers("/api/**", "/dashboard", "/welcome","/about").authenticated().antMatchers("/**").permitAll()
                        .anyRequest().authenticated().and().logout().logoutSuccessUrl("/").permitAll();

            }

回复于 2024-05-02T13:49:07+08:00

如何避免spring-boot-admin中的证书验证？

1 回答

相关问题