
spring - FeignClient with client certificates and Docker

Reposted. Author: 行者123. Updated: 2023-12-02 18:16:40

My microservices need to use mutual SSL. Each microservice is a Spring Boot application annotated with:

@SpringBootApplication
@EnableFeignClients
@EnableDiscoveryClient
@EnableZuulProxy
public class Application {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

Each yml has a similar eureka/ribbon configuration:

eureka:
  client:
    service-url:
      defaultZone: ${EUREKA_CLIENT_SERVICEURL_PROTOCOL:http}://${EUREKA_CLIENT_SERVICEURL_HOST:192.168.99.100}:${EUREKA_CLIENT_SERVICEURL_PORT:8761}/eureka/
  instance:
    secure-virtual-host-name: ${spring.application.name}
    prefer-ip-address: true
    non-secure-port-enabled: ${EUREKA_NON_SECURE_PORT_ENABLED:false}
    secure-port-enabled: ${EUREKA_SECURE_PORT_ENABLED:true}
    secure-port: ${server.port}
ribbon:
  IsSecure: true
  eureka:
    enabled: true

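Each microservice has a controller that exposes REST APIs for various functionality.

When one microservice needs to call another microservice's endpoint, I am attempting to do so by creating a client interface for that microservice: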

@FeignClient(name = "user", configuration = FeignConfiguration.class, url = "https://user")
public interface UserClient {
    @RequestMapping(method = RequestMethod.GET, value = "/test")
    String testUser();
}

Here is the Feign configuration:

@Configuration
public class FeignConfiguration {

    @Bean
    public Feign.Builder feignBuilder() {
        Client trustSSLSockets = new Client.Default(TrustingSSLSocketFactory.get(), null);
        return Feign.builder().client(trustSSLSockets);
    }

    @Bean
    Logger.Level feignLoggerLevel() {
        return Logger.Level.FULL;
    }

    @Bean
    public Contract feignContract() {
        return new feign.Contract.Default();
    }

}

The TrustingSSLSocketFactory class was copied from https://github.com/Netflix/feign/blob/master/core/src/test/java/feign/client/TrustingSSLSocketFactory.java and modified with my client certificate/password.

The security for the user microservice, along with its other configuration, is configured as:

server:
  port: ${DOCKER_SERVER_PORT:28443}
  ssl:
    key-store: ${KEYSTORE_FILE:classpath:keystore.p12}
    key-store-password: ${KEYSTORE_PASSWORD:abc123}
    key-store-type: ${KEYSTORE_TYPE:PKCS12}
    trust-store: ${TRUSTSTORE_FILE:classpath:trust.jks}
    trust-store-password: ${TRUSTSTORE_PASSWORD:abc123}
    trust-store-type: ${TRUSTSTORE_TYPE:JKS}
    client-auth: ${CLIENT_AUTH_REQUIRED:want}

To call the client, I just inject it and then call it like any other interface.

@RestController
public class MyController {

    @Autowired
    UserClient userClient;

    @RequestMapping(value = "/testUser",
                    method = RequestMethod.GET,
                    produces = MediaType.APPLICATION_JSON_VALUE)
    public String testUser() {
        return userClient.testUser();
    }
}

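The user microservice has a test endpoint that returns a simple reply.

When the UserClient attempts to make the connection to the user host, I get an UnknownHostException. I may not be implementing this properly and would appreciate some guidance.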

gateway-ms_1   | 2016-05-09 16:22:19.294 DEBUG 1 --- [qtp351251459-24]     c.n.zuul.http.HttpServletRequestWrapper  : Path = null
gateway-ms_1 | 2016-05-09 16:22:19.294 DEBUG 1 --- [qtp351251459-24] c.n.zuul.http.HttpServletRequestWrapper : Transfer-Encoding = null
gateway-ms_1 | 2016-05-09 16:22:19.294 DEBUG 1 --- [qtp351251459-24] c.n.zuul.http.HttpServletRequestWrapper : Content-Encoding = null
gateway-ms_1 | 2016-05-09 16:22:19.295 DEBUG 1 --- [qtp351251459-24] c.n.zuul.http.HttpServletRequestWrapper : Content-Length header = -1
gateway-ms_1 | 2016-05-09 16:22:19.297 DEBUG 1 --- [qtp351251459-24] c.n.loadbalancer.ZoneAwareLoadBalancer : Zone aware logic disabled or there is only one zone
gateway-ms_1 | 2016-05-09 16:22:19.298 DEBUG 1 --- [qtp351251459-24] c.n.loadbalancer.LoadBalancerContext : register using LB returned Server: 172.17.0.4:28443 for request /testUser
gateway-ms_1 | 2016-05-09 16:22:19.298 DEBUG 1 --- [qtp351251459-24] com.netflix.niws.client.http.RestClient : RestClient sending new Request(GET: ) https://172.17.0.4:28443/testUser
gateway-ms_1 | 2016-05-09 16:22:19.300 DEBUG 1 --- [qtp351251459-24] c.n.http4.MonitoredConnectionManager : Get connection: {s}->https://172.17.0.4:28443, timeout = 3000
gateway-ms_1 | 2016-05-09 16:22:19.300 DEBUG 1 --- [qtp351251459-24] com.netflix.http4.NamedConnectionPool : [{s}->https://172.17.0.4:28443] total kept alive: 1, total issued: 0, total allocated: 1 out of 200
gateway-ms_1 | 2016-05-09 16:22:19.300 DEBUG 1 --- [qtp351251459-24] com.netflix.http4.NamedConnectionPool : Getting free connection [{s}->https://172.17.0.4:28443][null]
gateway-ms_1 | 2016-05-09 16:22:19.300 DEBUG 1 --- [qtp351251459-24] com.netflix.http4.NFHttpClient : Stale connection check
gateway-ms_1 | 2016-05-09 16:22:19.305 DEBUG 1 --- [qtp351251459-24] com.netflix.http4.NFHttpClient : Attempt 1 to execute request
register-ms_1 | 2016-05-09 16:22:19.312 DEBUG 1 --- [qtp376795121-24] com.jdh.register.clients.UserClient : [UserClient#testUser] ---> GET https://user/test HTTP/1.1
register-ms_1 | 2016-05-09 16:22:19.313 DEBUG 1 --- [qtp376795121-24] com.jdh.register.clients.UserClient : [UserClient#testUser] ---> END HTTP (0-byte body)
register-ms_1 | 2016-05-09 16:22:19.422 DEBUG 1 --- [qtp376795121-24] com.jdh.register.clients.UserClient : [UserClient#testUser] <--- ERROR UnknownHostException: user (109ms)
register-ms_1 | 2016-05-09 16:22:19.426 DEBUG 1 --- [qtp376795121-24] com.jdh.register.clients.UserClient : [UserClient#testUser] java.net.UnknownHostException: user
register-ms_1 | at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
register-ms_1 | at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
register-ms_1 | at java.net.Socket.connect(Socket.java:589)
register-ms_1 | at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
register-ms_1 | at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
register-ms_1 | at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
register-ms_1 | at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
register-ms_1 | at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
register-ms_1 | at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
register-ms_1 | at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1104)
register-ms_1 | at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:998)
register-ms_1 | at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
register-ms_1 | at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
evice-ms_1 | at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)

Best answer

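The feign Client is where Ribbon is injected. By creating your own client, you have opted out of Ribbon, which is why it is unable to resolve http://user/...

This is how we create the load balancer client: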

@Bean
@ConditionalOnMissingBean
public Client feignClient(CachingSpringLoadBalancerFactory cachingFactory,
        SpringClientFactory clientFactory) {
    return new LoadBalancerFeignClient(new Client.Default(null, null),
            cachingFactory, clientFactory);
}

Also, by using feign.Contract.Default(), you have opted out of using Spring MVC annotations such as @RequestMapping and are defaulting to feign's annotations.

Regarding spring - FeignClient with client certificates and Docker, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/37123061/
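The following is an added example, not code from the question or the answer: it keeps the Ribbon-aware `LoadBalancerFeignClient` from the answer but gives its delegate an `SSLSocketFactory` built from a real client keystore and truststore instead of a trust-everything factory. The class name and the `client.ssl.*` property names are hypothetical, and the imports assume the Spring Cloud Netflix 1.x package layout.

```java
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.netflix.feign.ribbon.CachingSpringLoadBalancerFactory;
import org.springframework.cloud.netflix.feign.ribbon.LoadBalancerFeignClient;
import org.springframework.cloud.netflix.ribbon.SpringClientFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import feign.Client;

@Configuration
public class MutualTlsFeignConfiguration { // hypothetical class name
    // Hypothetical property names chosen for this example; they are not Spring Boot keys.
    @Value("${client.ssl.key-store}") private Resource keyStore;
    @Value("${client.ssl.key-store-password}") private String keyStorePassword;
    @Value("${client.ssl.trust-store}") private Resource trustStore;
    @Value("${client.ssl.trust-store-password}") private String trustStorePassword;

    // Ribbon resolves the service name; the delegate presents the client certificate.
    // Passing null as HostnameVerifier keeps the JVM's default hostname verification.
    @Bean
    public Client feignClient(CachingSpringLoadBalancerFactory cachingFactory,
            SpringClientFactory clientFactory) throws Exception {
        return new LoadBalancerFeignClient(
                new Client.Default(sslSocketFactory(), null), cachingFactory, clientFactory);
    }

    private SSLSocketFactory sslSocketFactory() throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, "PKCS12", keyStorePassword), keyStorePassword.toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, "JKS", trustStorePassword));
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context.getSocketFactory();
    }

    private static KeyStore load(Resource store, String type, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = store.getInputStream()) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }
}
```

With `prefer-ip-address: true`, Ribbon selects servers by IP address (as in the log above), so the server certificate must be valid for the address the client connects to or the default hostname check fails. On the server side, `client-auth: want` requests a client certificate without requiring one; `need` is the Spring Boot value that rejects clients presenting none.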
