java 如何使用 Rest 模板强制 TLS1.2 到 Rest 客户端
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/39161542/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to enforce TLS1.2 to Rest client using Rest Template
提问by Panther
I am consuming json webservice using Spring3.0 restTemplate by calling post method.
我通过调用 post 方法使用 Spring3.0 restTemplate 使用 json webservice。
MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();
headers.add("Content-Type", MediaType.APPLICATION_JSON_VALUE);
HttpEntity<Object> entity = new HttpEntity<Object>(requestAsString, headers);
postForObject = restTemplate.postForObject(url, entity, responseClass );
Our application is deployed in WAS server and trying to connect producer by creating socket connection with TLS1.0. However, now producer only supports TLS1.1 and TLS1.2.
我们的应用程序部署在 WAS 服务器中,并尝试通过使用 TLS1.0 创建套接字连接来连接生产者。但是,现在生产者只支持 TLS1.1 和 TLS1.2。
How to enforce restTempate to use TLS1.1 or TLS 1.2.
如何强制 restTempate 使用 TLS1.1 或 TLS 1.2。
Normally for apache httpclient code , create custom ProtocolSocketFactory and override createSocket method. However , in case of RestTemplate , how to achieve same.
通常对于 apache httpclient 代码,创建自定义 ProtocolSocketFactory 并覆盖 createSocket 方法。但是,在 RestTemplate 的情况下,如何实现相同。
采纳答案by marthursson
You can configure your RestTemplate to use a custom ClientHttpRequestFactory. In particular (since you're using Spring 3.0), there is a CommonsClientHttpRequestFactory. That will enable you to configure commons HTTP in detail, and your RestTemplate will use that for executing its requests.
您可以将 RestTemplate 配置为使用自定义ClientHttpRequestFactory. 特别是(因为您使用的是 Spring 3.0),有一个CommonsClientHttpRequestFactory。这将使您能够详细配置 commons HTTP,并且您的 RestTemplate 将使用它来执行其请求。
Please note that the actual implementation classes have changed in later versions of Spring (and if you're still on 3.0 you really should consider updating). From 3.1 on the implementation class is called HttpComponentsClientHttpRequestFactory.
请注意,实际的实现类在 Spring 的更高版本中发生了变化(如果您仍然使用 3.0,您确实应该考虑更新)。从 3.1 开始就调用了实现类HttpComponentsClientHttpRequestFactory。
回答by Michal Foksa
With Spring > 3.1:
使用 Spring > 3.1:
import javax.net.ssl.SSLContext;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(null, null, null);
CloseableHttpClient httpClient = HttpClientBuilder.create().setSSLContext(context)
.build();
HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
RestTemplate restTemplate = new RestTemplate(factory);
.....
回答by Med Arrafi
@abhishekhp If your question is still up.
@abhishekhp 如果您的问题仍然存在。
RestTemplate restTemplate = new RestTemplate();
DefaultHttpClient httpClient = new DefaultHttpClient();
// We're going to try and load and enable TLS version 1.2 standard communication context from JSSE Providers
// This is enabled only for download media Mirakl as some merchants don't accept communication with TLS versions prior to 1.1
try {
SSLContext context;
context = SSLContext.getInstance("TLSv1.2");
context.init(null, null, null);
SSLSocketFactory ssf = new SSLSocketFactory(context);
ClientConnectionManager ccm = httpClient.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
sr.register(new Scheme("https", 443, ssf));
} catch (NoSuchAlgorithmException | KeyManagementException e) {
LOGGER.warn("Could not load the TLS version 1.2 due to => ", e);
}
restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory(httpClient));
