如何避免在spring

本文介绍了如何避免在spring-boot-admin中进行证书验证?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

如何避免在spring-boot-admin中进行证书验证?

In what way can I avoid certificate validation in spring-boot-admin?

链接错误图片: ibb.co/fkZu8y

我将RestTemplate配置为避免在类中使用证书，但是我不知道如何发送证书，我猜它必须在客户端中，spring-boot-admin-starter-client自动工作.

I configure the RestTemplate for avoid the certificate in a class, but I do not know how to send it, I guess it must be in the client, the spring-boot-admin-starter-client works automatically.

这是用于避免证书验证的代码.

This is the code for avoid the certificate validation.

public class SSLUtil { public RestTemplate getRestTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException { TrustStrategy acceptingTrustStrategy = new TrustStrategy() { @Override public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { return true; } }; SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy) .build(); SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier()); CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build(); HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(); requestFactory.setHttpClient(httpClient); RestTemplate restTemplate = new RestTemplate(requestFactory); return restTemplate; } }

Application.properties

Application.properties

spring.application.name =管理员应用程序

spring.application.name=Admin-Application

server.port = 1111

server.port=1111

security.user.name = admin

security.user.name=admin

security.user.password = admin123

security.user.password=admin123

@Configuration public static class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // Page with login form is served as /login.html and does a POST on // /login http.formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll(); // The UI does a POST on /logout on logout http.logout().logoutUrl("/logout"); // The ui currently doesn't support csrf http.csrf().disable().authorizeRequests() // Requests for the login page and the static assets are // allowed // http.authorizeRequests() .antMatchers("/login.html", "/**/*.css", "/img/**", "/third-party/**").permitAll(); // ... and any other request needs to be authorized http.authorizeRequests().antMatchers("/**").authenticated(); // Enable so that the clients can authenticate via HTTP basic for // registering http.httpBasic(); } }

推荐答案

我正在将Spring Boot Admin 2.1.3与Eureka一起使用.

I'm using Spring Boot Admin 2.1.3 together with Eureka.

似乎SBA已从RestTemplate迁移到WebClient.因此，我创建了一个WebClient，该WebClient的SSLContext的信任管理器设置为InsecureTrustManagerFactory，可以信任所有内容.然后，我使用此webclient并实例化SBA的InstanceWebClient.不确定是否有更简单的方法，但这对我有用.

It seems SBA has moved from RestTemplate to WebClient. So I create a WebClient which has a SSLContext with a trust manager set to InsecureTrustManagerFactory, that trusts everything. Then I use this webclient and instantiate SBA's InstanceWebClient. Not sure if there is an easier approach, but this worked for me.

import de.codecentric.boot.admin.server.config.AdminServerProperties; import de.codecentric.boot.admin.server.web.client.HttpHeadersProvider; import de.codecentric.boot.admin.server.web.client.InstanceExchangeFilterFunction; import de.codecentric.boot.admin.server.web.client.InstanceWebClient; import ioty.channel.ChannelOption; import ioty.handler.ssl.SslContext; import ioty.handler.ssl.SslContextBuilder; import ioty.handler.ssl.util.InsecureTrustManagerFactory; import ioty.handler.timeout.ReadTimeoutHandler; import org.springframework.beans.factory.ObjectProvider; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.client.reactive.ReactorClientHttpConnector; import org.springframework.web.reactive.function.client.WebClient; import reactorty.ConnectionObserver; import reactorty.http.client.HttpClient; import javax.ssl.SSLException; import java.util.Collections; import java.util.List; import java.util.concurrent.TimeUnit; @Configuration @EnableConfigurationProperties(AdminServerProperties.class) public class SslConfiguration { private final AdminServerProperties adminServerProperties; public SslConfiguration(AdminServerProperties adminServerProperties) { this.adminServerProperties = adminServerProperties; } @Bean public InstanceWebClient instanceWebClient(HttpHeadersProvider httpHeadersProvider, ObjectProvider<List<InstanceExchangeFilterFunction>> filtersProvider) throws SSLException { List<InstanceExchangeFilterFunction> additionalFilters = filtersProvider.getIfAvailable(Collections::emptyList); return InstanceWebClient.builder() .defaultRetries(adminServerProperties.getMonitor().getDefaultRetries()) .retries(adminServerProperties.getMonitor().getRetries()) .httpHeadersProvider(httpHeadersProvider) .webClient(getWebClient()) .filters(filters -> filters.addAll(additionalFilters)) .build(); } private WebClient getWebClient() throws SSLException { SslContext sslContext = SslContextBuilder .forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .build(); HttpClient httpClient = HttpClient.create() press(true) .secure(t -> t.sslContext(sslContext)) .tcpConfiguration(tcp -> tcp.bootstrap(bootstrap -> bootstrap.option( ChannelOption.CONNECT_TIMEOUT_MILLIS, (int) adminServerProperties.getMonitor().getConnectTimeout().toMillis() )).observe((connection, newState) -> { if (ConnectionObserver.State.CONNECTED.equals(newState)) { connection.addHandlerLast(new ReadTimeoutHandler(adminServerProperties.getMonitor().getReadTimeout().toMillis(), TimeUnit.MILLISECONDS )); } })); ReactorClientHttpConnector reactorClientHttpConnector = new ReactorClientHttpConnector(httpClient); return WebClient.builder().clientConnector(reactorClientHttpConnector).build(); } }