摘要:序本文从里头摘出访问的源码,展示一下怎么用去访问。其中指定要不要检验,如果不校验,则是使用小结使用不去验证,但是可能存在风险构造
序
本文从spring cloud netflix zuul里头摘出httpclient访问https/http的源码,展示一下怎么用httpclient去访问https。
newConnectionManagerprotected PoolingHttpClientConnectionManager newConnectionManager(boolean sslHostnameValidationEnabled) {
try {
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, new TrustManager[] { new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates,
String s) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates,
String s) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
} }, new SecureRandom());
RegistryBuilder registryBuilder = RegistryBuilder
. create()
.register("http", PlainConnectionSocketFactory.INSTANCE);
if (sslHostnameValidationEnabled) {
registryBuilder.register("https",
new SSLConnectionSocketFactory(sslContext));
}
else {
registryBuilder.register("https", new SSLConnectionSocketFactory(
sslContext, NoopHostnameVerifier.INSTANCE));
}
final Registry registry = registryBuilder.build();
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(registry);
connectionManager
.setMaxTotal(200);
connectionManager.setDefaultMaxPerRoute(20);
return connectionManager;
}
catch (Exception ex) {
throw new RuntimeException(ex);
}
}
其中sslHostnameValidationEnabled指定要不要检验ssl,如果不校验,则是使用NoopHostnameVerifier
@Contract(threading = ThreadingBehavior.IMMUTABLE)
public class NoopHostnameVerifier implements HostnameVerifier {
public static final NoopHostnameVerifier INSTANCE = new NoopHostnameVerifier();
@Override
public boolean verify(final String s, final SSLSession sslSession) {
return true;
}
@Override
public final String toString() {
return "NO_OP";
}
}
newClient
final RequestConfig requestConfig = RequestConfig.custom()
.setSocketTimeout(60000)
.setConnectTimeout(60000)
.setCookieSpec(CookieSpecs.IGNORE_COOKIES).build();
HttpClientBuilder httpClientBuilder = HttpClients.custom();
httpClientBuilder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
HttpClient httpclient = httpClientBuilder.setConnectionManager(newConnectionManager(false))
.useSystemProperties().setDefaultRequestConfig(requestConfig)
.setRetryHandler(new DefaultHttpRequestRetryHandler(0, false))
.setRedirectStrategy(new RedirectStrategy() {
@Override
public boolean isRedirected(HttpRequest request,
HttpResponse response, HttpContext context)
throws ProtocolException {
return false;
}
@Override
public HttpUriRequest getRedirect(HttpRequest request,
HttpResponse response, HttpContext context)
throws ProtocolException {
return null;
}
}).build();
request
HttpRequest httpRequest = new BasicHttpRequest("GET","/api/data");
HttpHost httpHost = new HttpHost("demo.com.cn",-1,"https");
try{
return httpClient.execute(httpHost, httpRequest);
// System.out.println(response.getEntity().getContent());
}catch (Exception e){
e.printStackTrace();
}
小结
使用NoopHostnameVerifier不去验证ssl,但是可能存在风险
构造X509TrustManager
文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。
转载请注明本文地址:https://www.ucloud.cn/yun/70185.html
摘要:组件版本信息使用自带的命令生成文件命令将拷贝到目录下配置的目录文件,在配置文件中新增配置将工程添加进并启动,使用访问和链接。原理后续进一步研究 1.组件版本信息apache-tomcat-7.0.75JDK 1.8.0_91 2.使用jdk自带的keytool命令生成keystore文件test.keystore命令:keytool -genkey -alias test123 -ke...
摘要:如果服务器证书这两者不合法而我们又必须让其校验通过,则可以自己实现。这个属性是新加的属性,因为目前版本是可以共享连接池的。请求获取数据的超时时间,单位毫秒。如果访问一个接口,多少时间内无法返回数据,就直接放弃此次调用。 /** com.alibaba fastjson 1.2.47 org.apache.httpcomponents ht...
摘要:鉴于它还处在,如果不是着急使用,建议还是使用的,它是遵循规范的,使用起来更加方便。貌似要在版本才支持。揭秘让支持协议如何启用命令支持 序 本文主要研究下JEP 110: HTTP/2 Client (Incubator) 基本实例 sync get /** * --add-modules jdk.incubator.httpclient * @throws ...
阅读 1353·2021-11-25 09:43
阅读 3565·2021-11-10 11:48
阅读 4926·2021-09-23 11:21
阅读 1581·2019-08-30 15:55
阅读 3490·2019-08-30 13:53
阅读 1196·2019-08-30 10:51
阅读 820·2019-08-29 14:20
阅读 1955·2019-08-29 13:11
