Spring 启动 AsyncRestTemplate SSLSocketFactory
Spring Boot AsyncRestTemplate SSLSocketFactory
在 WebSphere 中部署 Spring 引导应用程序。由于它们的 SSL 配置,我们需要明确指定 SSLSocketFactory 以确保应用程序使用 WebSphere 证书而不是默认的 Java key/trust 存储。
通过 RestTemplate 执行此操作非常简单:
protected RestTemplate getRestTemplate() {
SSLSocketFactory sslSocketFactory = new SSLSocketFactory(
(javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme(HTTP_SCHEME, HTTP_PORT, PlainSocketFactory.getSocketFactory()));
registry.register(new Scheme(HTTPS_SCHEME, HTTPS_PORT, sslSocketFactory));
BasicClientConnectionManager connectionManager = new BasicClientConnectionManager(registry);
DefaultHttpClient httpClient = new DefaultHttpClient(connectionManager);
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
return new RestTemplate(requestFactory);
}
但是对于 AsyncRestTemplate,我无法找到如何设置 SSLSocketFactory:
protected AsyncRestTemplate getAsyncRestTemplate() throws IOReactorException, NoSuchAlgorithmException {
SSLIOSessionStrategy strategy = new SSLIOSessionStrategy(
SSLContext.getDefault(),
SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
);
Registry<SchemeIOSessionStrategy> registry = RegistryBuilder.<SchemeIOSessionStrategy>create()
.register(HTTP_SCHEME, NoopIOSessionStrategy.INSTANCE)
.register(HTTPS_SCHEME, strategy)
.build();
PoolingNHttpClientConnectionManager connManager = new PoolingNHttpClientConnectionManager(
new DefaultConnectingIOReactor(),
registry
);
CloseableHttpAsyncClient httpClient = HttpAsyncClientBuilder
.create()
.setConnectionManager(connManager)
.build();
AsyncClientHttpRequestFactory requestFactory = new HttpComponentsAsyncClientHttpRequestFactory(httpClient);
return new AsyncRestTemplate(requestFactory);
}
本质上,我需要调用:
(javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault()
这会触发 WebSphere 覆盖 SSL 连接处理。
非常感谢任何关于我遗漏的想法 - 谢谢。
你不能。 javax.net.SocketFactory 与基于 NIO 的 i/o 模型不兼容。对于非阻塞 SSL,无法使用 SSLContext。
在 WebSphere 中部署 Spring 引导应用程序。由于它们的 SSL 配置,我们需要明确指定 SSLSocketFactory 以确保应用程序使用 WebSphere 证书而不是默认的 Java key/trust 存储。
通过 RestTemplate 执行此操作非常简单:
protected RestTemplate getRestTemplate() {
SSLSocketFactory sslSocketFactory = new SSLSocketFactory(
(javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme(HTTP_SCHEME, HTTP_PORT, PlainSocketFactory.getSocketFactory()));
registry.register(new Scheme(HTTPS_SCHEME, HTTPS_PORT, sslSocketFactory));
BasicClientConnectionManager connectionManager = new BasicClientConnectionManager(registry);
DefaultHttpClient httpClient = new DefaultHttpClient(connectionManager);
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
return new RestTemplate(requestFactory);
}
但是对于 AsyncRestTemplate,我无法找到如何设置 SSLSocketFactory:
protected AsyncRestTemplate getAsyncRestTemplate() throws IOReactorException, NoSuchAlgorithmException {
SSLIOSessionStrategy strategy = new SSLIOSessionStrategy(
SSLContext.getDefault(),
SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
);
Registry<SchemeIOSessionStrategy> registry = RegistryBuilder.<SchemeIOSessionStrategy>create()
.register(HTTP_SCHEME, NoopIOSessionStrategy.INSTANCE)
.register(HTTPS_SCHEME, strategy)
.build();
PoolingNHttpClientConnectionManager connManager = new PoolingNHttpClientConnectionManager(
new DefaultConnectingIOReactor(),
registry
);
CloseableHttpAsyncClient httpClient = HttpAsyncClientBuilder
.create()
.setConnectionManager(connManager)
.build();
AsyncClientHttpRequestFactory requestFactory = new HttpComponentsAsyncClientHttpRequestFactory(httpClient);
return new AsyncRestTemplate(requestFactory);
}
本质上,我需要调用:
(javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault()
这会触发 WebSphere 覆盖 SSL 连接处理。
非常感谢任何关于我遗漏的想法 - 谢谢。
你不能。 javax.net.SocketFactory 与基于 NIO 的 i/o 模型不兼容。对于非阻塞 SSL,无法使用 SSLContext。