HttpClient通过正向代理访问HTTPS接口攻略

1.问题背景

一些HTTPS接口提供方有IP白名单策略,接口调用方必须通过报备过的出口IP访问接口。对于部署在云主机上的接口调用方服务而言,这是比较不友好的。

常用的方法是在指定出口IP的服务器上部署正向代理,接口调用方服务通过这个正向代理间接访问HTTPS接口。

2.解决方案

以HttpClient4.5.3为例。

1)定义 HttpClientBuilder

HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();

2)定义代理选择策略 ProxySelector

class MyProxySelector extends ProxySelector {
        ProxySelector defaultproxySelector = ProxySelector.getDefault();
        ArrayList<Proxy> noProxy = new ArrayList<Proxy>();
        ArrayList<Proxy> secureProxy = new ArrayList<Proxy>();

        public MyProxySelector(String ip, int port) {     //  正向代理的IP和端口
            noProxy.add(Proxy.NO_PROXY);   //  初始化无代理策略
            secureProxy.add(new Proxy(Type.HTTP, new InetSocketAddress(ip, port)));    //  初始化正向代理策略。PS:正向代理本身一般是HTTP协议的
  
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
### 回答1: Spring Boot中使用HttpClient调用第三方HTTPS接口,并忽略SSL证书验证,可以通过以下步骤来实现: 1. 导入HttpClient和SSL相关的依赖: 在pom.xml文件中添加以下依赖: ```xml <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>4.5.13</version> </dependency> <dependency> <groupId>javax.net.ssl</groupId> <artifactId>javax.net.ssl.HttpsURLConnection</artifactId> <version>1.0.0</version> </dependency> ``` 2. 创建忽略SSL验证的HttpClient对象: ```java import org.apache.http.client.HttpClient; import org.apache.http.client.config.RequestConfig; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.impl.client.HttpClients; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; public class HttpClientUtil { public HttpClient createIgnoreSSLHttpClient() throws Exception { SSLContext sslContext = SSLContext.getInstance("TLS"); X509TrustManager trustManager = new X509TrustManager() { public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException { } public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException { } public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[0]; } }; sslContext.init(null, new TrustManager[]{trustManager}, null); SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE); RequestConfig reqConfig = RequestConfig.custom().setSocketTimeout(120 * 1000).setConnectTimeout(120 * 1000).build(); HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).setDefaultRequestConfig(reqConfig).build(); return httpClient; } } ``` 3. 使用创建的HttpClient对象发送HTTPS请求: ```java import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.util.EntityUtils; public class HttpsClientExample { public static void main(String[] args) throws Exception { HttpClientUtil httpClientUtil = new HttpClientUtil(); CloseableHttpClient httpClient = (CloseableHttpClient) httpClientUtil.createIgnoreSSLHttpClient(); HttpGet httpGet = new HttpGet("https://example.com/api"); CloseableHttpResponse response = httpClient.execute(httpGet); String responseBody = EntityUtils.toString(response.getEntity(), "UTF-8"); System.out.println(responseBody); response.close(); httpClient.close(); } } ``` 以上就是使用Spring Boot中的HttpClient实现忽略SSL证书的步骤。总结起来,主要包括导入相关依赖,创建忽略SSL验证的HttpClient对象,以及使用该对象发送HTTPS请求。 ### 回答2: Spring Boot中使用HttpClient调用第三方HTTPS接口时,如果忽略SSL证书验证,可以按照以下方法进行操作。 首先,需要在Spring Boot的配置文件application.properties中添加以下配置: ```plaintext # 忽略SSL证书验证 spring.main.allow-bean-definition-overriding=true ``` 然后,创建一个自定义的HttpClientConfig类,用于配置并创建HttpClient对象: ```java import org.apache.http.client.HttpClient; import org.apache.http.client.config.RequestConfig; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.impl.client.HttpClients; import org.apache.http.ssl.SSLContextBuilder; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import javax.net.ssl.SSLContext; @Configuration public class HttpClientConfig { @Value("${httpclient.ssl.ignore-ssl}") private boolean ignoreSSL; @Bean @ConditionalOnProperty(name = "httpclient.ssl.ignore-ssl", havingValue = "true") public HttpClient httpClient() throws Exception { if (ignoreSSL) { SSLContext sslContext = SSLContextBuilder.create() .loadTrustMaterial((chain, authType) -> true) .build(); SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE); return HttpClients.custom() .setSSLSocketFactory(sslConnectionSocketFactory) .setDefaultRequestConfig(requestConfig()) .build(); } else { return HttpClients.createDefault(); } } private RequestConfig requestConfig() { return RequestConfig.custom() .setConnectTimeout(5000) .setSocketTimeout(5000) .build(); } } ``` 最后,在需要调用第三方HTTPS接口的地方注入HttpClient对象,并使用该对象进行接口调用即可: ```java import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import org.apache.http.util.EntityUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @Service public class HttpService { @Autowired private HttpClient httpClient; public String getResponse(String url) throws Exception { HttpGet httpGet = new HttpGet(url); HttpResponse httpResponse = httpClient.execute(httpGet); return EntityUtils.toString(httpResponse.getEntity()); } } ``` 以上就是使用Spring Boot的HttpClient调用第三方HTTPS接口并忽略SSL证书验证的方法。请注意,忽略SSL证书验证可能存在安全风险,建议在生产环境中谨慎使用。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值