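Most solutions found online inject a custom Client.Default that is constructed with an SSLSocketFactory which ignores SSL certificates.
This is problematic: when a Feign client's url is not specified, the client implementation is RetryableFeignBlockingLoadBalancerClient, and the Client.Default you injected earlier interferes with the logic that depends on service discovery.
We can implement a FeignBuilderCustomizer to solve this problem: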
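```java
import feign.Client;
import feign.Feign;
import java.lang.reflect.Field;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.ssl.SSLContexts;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.openfeign.FeignBuilderCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.ReflectionUtils;

// Enclosing class and logger added so the snippet compiles; the class name is arbitrary.
@Configuration
public class FeignSslConfig {
    private static final Logger log = LoggerFactory.getLogger(FeignSslConfig.class);

    @Bean
    public FeignBuilderCustomizer feignBuilderCustomizer() {
        return b -> {
            try {
                Class<Feign.Builder> builderClass = Feign.Builder.class;
                Field client = builderClass.getDeclaredField("client");
                client.setAccessible(true);
                Object field = ReflectionUtils.getField(client, b);
                // Check whether this is the default Client. If it is, a url was specified,
                // so replace it with the default implementation that ignores SSL.
                if (field instanceof Client.Default) {
                    b.client(feignClient());
                }
            } catch (Exception e) {
                log.error("使用FeignBuilderCustomizer异常: {}", e.getMessage(), e);
            }
        };
    }

    public Client feignClient() {
        // NoopHostnameVerifier accepts any host name in the server certificate.
        return new Client.Default(getSslSocketFactory(), new NoopHostnameVerifier());
    }

    private SSLSocketFactory getSslSocketFactory() {
        try {
            // TrustSelfSignedStrategy accepts self-signed certificates in addition to the default trust store.
            SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build();
            return sslContext.getSocketFactory();
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }
}
```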
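The client above accepts any self-signed certificate and any host name, so it cannot tell the intended server from another endpoint presenting its own self-signed certificate. The following added example (not code from the original post) builds the replacement client from a truststore that holds only the service's own CA or self-signed certificate and keeps hostname verification; the truststore path and password are hypothetical placeholders, and Apache HttpClient 4.x is assumed as in the snippet above.

```java
import feign.Client;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.http.ssl.SSLContexts;

public class PinnedTrustFeignClient {

    // Hypothetical location and password of a PKCS#12 truststore containing only
    // the internal CA (or the self-signed certificate) of the target service.
    private static final String TRUSTSTORE_PATH = "/etc/app/internal-ca.p12";
    private static final char[] TRUSTSTORE_PASSWORD = "changeit".toCharArray();

    public static Client feignClient() {
        try (InputStream in = Files.newInputStream(Paths.get(TRUSTSTORE_PATH))) {
            KeyStore trustStore = KeyStore.getInstance("PKCS12");
            trustStore.load(in, TRUSTSTORE_PASSWORD);

            // No TrustStrategy override: normal chain validation runs, but only
            // against the anchors in this truststore.
            SSLContext sslContext = SSLContexts.custom()
                    .loadTrustMaterial(trustStore, null)
                    .build();

            // A null HostnameVerifier makes Client.Default leave the built-in
            // HttpsURLConnection hostname check in place.
            return new Client.Default(sslContext.getSocketFactory(), null);
        } catch (Exception ex) {
            throw new IllegalStateException("Cannot build TLS context from truststore", ex);
        }
    }
}
```

Because this still returns a Client.Default, it can be passed to `b.client(...)` in the customizer without changing the `instanceof Client.Default` check.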