feign调用远程服务如何忽略SSL证书

1.引入依赖

        <dependency>
            <groupId>org.springframework.cloudgroupId>
            <artifactId>spring-cloud-starter-openfeignartifactId>
        dependency>

        <dependency>
            <groupId>io.github.openfeigngroupId>
            <artifactId>feign-okhttpartifactId>
            <version>10.2.0version>
        dependency>

2.添加配置

#禁用ssl证书验证
feign.httpclient.disable-ssl-validation=true

完成以上两步，feign调用远程服务就会自动忽略SSL证书了。

3.原理解释

原理在FeignAutoConfiguration类中，在内部类OkHttpFeignConfiguration中，有以下配置bean

@Bean
		public okhttp3.OkHttpClient client(OkHttpClientFactory httpClientFactory,
										   ConnectionPool connectionPool, FeignHttpClientProperties httpClientProperties) {
			Boolean followRedirects = httpClientProperties.isFollowRedirects();
			Integer connectTimeout = httpClientProperties.getConnectionTimeout();
			// 这行代码就是设置是否忽略SSL，取的配置参数
			Boolean disableSslValidation = httpClientProperties.isDisableSslValidation();
			this.okHttpClient = httpClientFactory.createBuilder(disableSslValidation).
					connectTimeout(connectTimeout, TimeUnit.MILLISECONDS).
					followRedirects(followRedirects).
					connectionPool(connectionPool).build();
			return this.okHttpClient;
		}

到了真正调用的地方在SynchronousMethodHandler类中，见invoke方法内，

public Object invoke(Object[] argv) throws Throwable {
    RequestTemplate template = buildTemplateFromArgs.create(argv);
    Retryer retryer = this.retryer.clone();
    while (true) {
      try {
      	// 这里是真正调用
        return executeAndDecode(template);
      } catch (RetryableException e) {
       	// ... 忽略以下代码
      }
    }
  }





Object executeAndDecode(RequestTemplate template) throws Throwable {
    Request request = targetRequest(template);
    Response response;
    try {
    	// 真正调用，因为引入了okhttp，所以会调用到okhttp的execute方法
      response = client.execute(request, options);
    } catch (IOException e) {
      // ...
    }
    // ...
  }

public final class OkHttpClient implements Client {

	  private final okhttp3.OkHttpClient delegate;
	  @Override
	  public feign.Response execute(feign.Request input, feign.Request.Options options)
	      throws IOException {
	      // 此处注入的delegate就是3.原理解释上面定义的bean，bean在定义时就已经设置了忽略SSL证书
	    okhttp3.OkHttpClient requestScoped;
	    if (delegate.connectTimeoutMillis() != options.connectTimeoutMillis()
	        || delegate.readTimeoutMillis() != options.readTimeoutMillis()) {
	      requestScoped = delegate.newBuilder()
	          .connectTimeout(options.connectTimeoutMillis(), TimeUnit.MILLISECONDS)
	          .readTimeout(options.readTimeoutMillis(), TimeUnit.MILLISECONDS)
	          .followRedirects(options.isFollowRedirects())
	          .build();
	    } else {
	      requestScoped = delegate;
	    }
	    Request request = toOkHttpRequest(input);
	    Response response = requestScoped.newCall(request).execute();
	    return toFeignResponse(response, input).toBuilder().request(input).build();
	  }
  }