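What is the correct way to send a client certificate with every request made by a Spring RestTemplate?

I want to consume a REST service with my Spring application. To access the service I have a client certificate (self-signed and in .jks format) for authorization. What is the correct way to authenticate against the REST service?

This is my request: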

    public List<Info> getInfo() throws RestClientException, URISyntaxException {
        // No body, empty headers
        HttpEntity<Void> httpEntity = new HttpEntity<>(null, new HttpHeaders());

        ResponseEntity<Info[]> resp = restOperations.exchange(
                new URI(BASE_URL + "/Info"), HttpMethod.GET,
                httpEntity, Info[].class);
        return Arrays.asList(resp.getBody());
    }

Here is an example of how to do this using RestTemplate and Apache HttpClient.

You should define your own RestTemplate with a configured SSL context:

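    // Apache HttpClient 4.x
    import org.apache.http.client.HttpClient;
    import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.ssl.SSLContextBuilder;

    @Bean
    public RestTemplate restTemplate(RestTemplateBuilder builder) throws Exception {
        char[] password = "password".toCharArray();

        // Key material: the client certificate and private key from cert.jks.
        // TrustSelfSignedStrategy accepts any self-signed server certificate.
        SSLContext sslContext = SSLContextBuilder.create()
                .loadKeyMaterial(keyStore("classpath:cert.jks", password), password)
                .loadTrustMaterial(null, new TrustSelfSignedStrategy()).build();

        HttpClient client = HttpClients.custom().setSSLContext(sslContext).build();
        return builder
                .requestFactory(new HttpComponentsClientHttpRequestFactory(client))
                .build();
    }

    private KeyStore keyStore(String file, char[] password) throws Exception {
        // cert.jks is a JKS keystore, so load it with the JKS type
        KeyStore keyStore = KeyStore.getInstance("JKS");
        File key = ResourceUtils.getFile(file);
        try (InputStream in = new FileInputStream(key)) {
            keyStore.load(in, password);
        }
        return keyStore;
    }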

Now all remote calls made by this template will be signed with cert.jks. Note: you need to put cert.jks on the classpath.

    @Autowired
    private RestTemplate restTemplate;

    public List<Info> getInfo() throws RestClientException, URISyntaxException {
        // No body, empty headers
        HttpEntity<Void> httpEntity = new HttpEntity<>(null, new HttpHeaders());

        ResponseEntity<Info[]> resp = restTemplate.exchange(
                new URI(BASE_URL + "/Info"), HttpMethod.GET,
                httpEntity, Info[].class);
        return Arrays.asList(resp.getBody());
    }

Or you can import the certificate into the JDK's cacerts, and all HTTP clients using the JDK (the rest template in your case) will use the certificate for REST calls.

    keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -file foo.cer -alias alias

PS: Don't forget to restart your server after a successful import. The default password for the keystore is changeit.
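In JSSE, key material is what the client presents during the handshake and trust material is what it accepts from the server. The following is an added example, not code from the question or the answers: it builds a RestTemplate with only the JDK and Spring, fails early if the client keystore has no private key to present, and trusts only the certificates in a dedicated trust store. The class, method and parameter names are hypothetical, and it assumes a separate trust-store file and one password for both stores and the key.

```java
import java.io.File;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Collections;
import javax.net.ssl.*;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

// Added example; all names are hypothetical. fromFiles needs Java 9+.
public final class ClientCertRestTemplate {
    static SSLContext sslContext(KeyStore clientKeys, char[] keyPassword, KeyStore serverTrust)
            throws GeneralSecurityException {
        // A keystore holding only certificates has no identity to present to the server.
        boolean hasKey = false;
        for (String alias : Collections.list(clientKeys.aliases())) {
            hasKey |= clientKeys.isKeyEntry(alias);
        }
        if (!hasKey) throw new KeyStoreException("client keystore has no private key entry");
        // Key material: the private key and certificate chain sent to the server.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, keyPassword);
        // Trust material: only certificates in serverTrust are accepted from the server.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(serverTrust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    static RestTemplate restTemplate(SSLContext ctx) {
        SSLSocketFactory socketFactory = ctx.getSocketFactory();
        return new RestTemplate(new SimpleClientHttpRequestFactory() {
            @Override
            protected void prepareConnection(HttpURLConnection c, String method) throws IOException {
                if (c instanceof HttpsURLConnection) {
                    ((HttpsURLConnection) c).setSSLSocketFactory(socketFactory);
                }
                super.prepareConnection(c, method);
            }
        });
    }

    // KeyStore.getInstance(File, char[]) detects whether the file is JKS or PKCS12.
    static RestTemplate fromFiles(File clientStore, File trustStore, char[] password)
            throws IOException, GeneralSecurityException {
        return restTemplate(sslContext(KeyStore.getInstance(clientStore, password), password,
                KeyStore.getInstance(trustStore, password)));
    }
}
```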