Feign忽略Https的SSL最佳方案（且保证负载均衡将失效）

同时解决Https的SSL证书验证问题和feign不支持Patch请求方法的问题

代码 1. 工具类 OkHttpUtils.java

import javax.net.ssl.*;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;/*** @author Vania*/
public class OkHttpUtils {/*** X509TrustManager instance which ignored SSL certification*/public static final X509TrustManager IGNORE_SSL_TRUST_MANAGER_X509 = new X509TrustManager() {@Overridepublic void checkClientTrusted(X509Certificate[] chain, String authType) {}@Overridepublic void checkServerTrusted(X509Certificate[] chain, String authType) {}@Overridepublic X509Certificate[] getAcceptedIssuers() {return new X509Certificate[]{};}};/*** Get initialized SSLContext instance which ignored SSL certification** @return* @throws NoSuchAlgorithmException* @throws KeyManagementException*/public static SSLContext getIgnoreInitedSslContext() throws NoSuchAlgorithmException, KeyManagementException {SSLContext sslContext = SSLContext.getInstance("SSL");sslContext.init(null, new TrustManager[]{IGNORE_SSL_TRUST_MANAGER_X509}, new SecureRandom());return sslContext;}/*** Get HostnameVerifier which ignored SSL certification** @return*/public static HostnameVerifier getIgnoreSslHostnameVerifier() {return new HostnameVerifier() {@Overridepublic boolean verify(String arg0, SSLSession arg1) {return true;}};}
}

代码 2. 工具类 FeignConfiguration.java

import feign.Client;
import feign.okhttp.OkHttpClient;
import lombok.extern.slf4j.Slf4j;
import org.springframework.cloud.netflix.ribbon.SpringClientFactory;
import org.springframework.cloud.openfeign.ribbon.CachingSpringLoadBalancerFactory;
import org.springframework.cloud.openfeign.ribbon.LoadBalancerFeignClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;@Slf4j
@Configuration
public class FeignConfiguration {/*** 解决 feign client 中https不安全的问题** @param cachingFactory* @param clientFactory* @return*/@Beanpublic Client feignClient(CachingSpringLoadBalancerFactory cachingFactory, SpringClientFactory clientFactory) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {// 此处必须为 new LoadBalancerFeignClient 否则负载均衡将失效（现象：消费者无法从注册中心获取服务提供者的ip）// 这个只能解决忽略https证书验证// return new LoadBalancerFeignClient(new Client.Default(SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build().getSocketFactory(), new NoopHostnameVerifier()),//        cachingFactory, clientFactory);// 使用okhttp 解决证书验证 和 Patch请求方法不支持的问题return new LoadBalancerFeignClient(new OkHttpClient(new okhttp3.OkHttpClient().newBuilder().sslSocketFactory(OkHttpUtils.getIgnoreInitedSslContext().getSocketFactory(), OkHttpUtils.IGNORE_SSL_TRUST_MANAGER_X509).hostnameVerifier(OkHttpUtils.getIgnoreSslHostnameVerifier()).build()),cachingFactory, clientFactory);}
}