使用Feign客户端和证书调用WS

我正在努力解决基本问题，但无法理解它 . 我有一个 Spring 季启动应用程序，它应该暴露一个休息网址 .

我这样做：

@RestController
@RequestMapping(value = "/api")
public class MdmhController {

    @Resource
    private MdmhClient mdmhClient;


    @RequestMapping(
            method = RequestMethod.GET,
            value = "/myEntityNames",
            produces = { MediaType.APPLICATION_JSON_UTF8_VALUE }
    )
    ResponseEntity<Iterable<String>> getMyEntityNames() {

        MyEntity[] myEntities =
                mdmhClient.getMyentitis();

        Set<String> myEntityNames= new HashSet<>();
        for (MyEntity me : myEntities ) {
            myEntityNames.add(me.getName());
        }
        return new ResponseEntity<Iterable<String>>(myEntityNames, HttpStatus.OK);
    }
}

正如您所看到的，它消耗了另一项服务，我试图用假装客户端实现：

@Import(FeignClientsConfiguration.class)
@Component
public class MdmhClientImpl implements MdmhClient {

    private final Decoder decoder;
    private final Encoder encoder;

    private  MdmhClient mdmhClient;

    @Value("${mdmh.serviceId}") // injected by sprins yaml e.g. url-to-service.com
    private String mdmhServiceId;

    @Autowired
    public MdmhClientImpl(
            final Decoder decoder, final Encoder encoder) {
        this.decoder = decoder;
        this.encoder = encoder;
    }

    @Override
    public MyEntity[] getMyEntities() {

        if (mdmhClient == null) {
            mdmhClient = Feign.builder()
                    .encoder(encoder)
                    .decoder(decoder)
                    .client(new Client.Default(TrustingSSLSocketFactory.get(), null))
                    .target(MdmhClient.class, "https://" + mdmhServiceId);
        }
        return mdmhClient.getMyEntity();
    }
}

界面如下：

@RestController
@RequestMapping(value = "/api")
public interface MdmhClient {

    @RequestLine("GET mdmh/service/v2/myentities")
    @Headers({ "accept: application/json" })
    MyEntity[] getMyEntities();
}

当MdmhClient确实在 mdmhClient.getEntity() 调用时给我异常：

SunCertPathBuilderException: unable to find valid certification path to requested target.

我知道解决这个问题我需要将证书导入jre . 我正在运行Intellij IDE并将项目的jdk路径设置为：

C:\Program Files\Java\jdk1.8.0_65

我还通过firefox访问了webservice：

https://url-to-service.com/mdmh/service/v2/myentities

并下载了我导入的证书：

C:\Program Files\Java\jdk1.8.0_65\jre\lib\security\cacerts

但我仍然得到错误 . 出于沮丧，我将证书导入所有已安装的jdks，仍然相同 .

我找到了：https://github.com/OpenFeign/feign/blob/master/core/src/test/java/feign/client/TrustingSSLSocketFactory.java

并将其添加到我的MdmhClient中，如：

@Override
public MyEntity[] getMyEntities() {

    if (mdmhClient == null) {
        Client client = new Client.Default(
                TrustingSSLSocketFactory.get(),
                new HostnameVerifier() {
                    @Override
                    public boolean verify(String s, SSLSession sslSession) {
                        return true;
                    }
                });
        mdmhClient = Feign.builder()
                .encoder(encoder)
                .decoder(decoder)
                .client(new Client.Default(TrustingSSLSocketFactory.get(), null))
                .target(MdmhClient.class, "https://" + mdmhServiceId);
    }
    return mdmhClient.getMyEntities();
}

在此之后，我从我的被叫服务获得AccessDenied响应 .

ERROR [081-exec-3] 17.08.17 08:26:28.868  org.apache.juli.logging.DirectJDKLog@log: Servlet.service() for servlet [dispatcherServlet] in context with path [/lic] threw exception [Request processing failed; nested exception is feign.FeignException: status 403 reading MdmhClient#getFamilyVersions(); content:
<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD>
<BODY>
<FONT f...

但我100％确定我不需要身份验证 . 因为我可以在不修改 Headers 的情况下输入浏览器的URL并获得结果 .

我希望你能帮助我或给我一些提示如何解决这个问题 .

谢谢