springboot 1.5.20.RELEASE可能会将http请求变成https

原创

CoffeeLand

修改于 2020-04-26 17:44:48

1.2K0

修改于 2020-04-26 17:44:48

文章被收录于专栏：CoffeeLand

us backgroud

系统的有一个写log的微服务A, spring boot的version是2.1.5.RELEASE

另有一个service B， spring boot version是1.5.20.RELEASE

Service B 通过resttemplate 去调用service A去写log

会出现以下error

Unrecognized SSL message, plaintext connection?; nested exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?",

{
  "timestamp": 1587885892307,
  "status": 500,
  "error": "Internal Server Error",
  "exception": "org.springframework.web.client.ResourceAccessException",
  "message": "I/O error on POST request for \"http://systemlogging-v1/\": Unrecognized SSL message, plaintext connection?; nested exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?",
  "path": "/execution-control/_execute"
}

issue invesigation

这是由于1.5.20.RELEASE版本里的bug导致的

public class EurekaServerIntrospector extends DefaultServerIntrospector {

	@Override
	public boolean isSecure(Server server) {
		if (server instanceof DiscoveryEnabledServer) {
			DiscoveryEnabledServer discoveryServer = (DiscoveryEnabledServer) server;
			return discoveryServer.getInstanceInfo().isPortEnabled(InstanceInfo.PortType.SECURE);
		}
		return super.isSecure(server);
	}

package org.springframework.cloud.netflix.ribbon;

import java.util.Collections;
import java.util.Map;

import com.netflix.loadbalancer.Server;

/**
 * @author Spencer Gibb
 */
public class DefaultServerIntrospector implements ServerIntrospector {
	@Override
	public boolean isSecure(Server server) {
		// Can we do better?
		return (""+server.getPort()).endsWith("443"); 
		// 这样会导致serviceA的端口如果是以443结尾, 比如40443, 会误以为secure, 从而将http请求转换成https
	}

	@Override
	public Map<String, String> getMetadata(Server server) {
		return Collections.emptyMap();
	}
}

How to fix issue

upgrade the springboot version to 2.1.0.RELEASE

@ConfigurationProperties("ribbon")
public class ServerIntrospectorProperties {

	private List<Integer> securePorts = Arrays.asList(443,8443);

	public List<Integer> getSecurePorts() {
		return securePorts;
	}	
}

public class EurekaServerIntrospector extends DefaultServerIntrospector {

	@Override
	public boolean isSecure(Server server) {
		if (server instanceof DiscoveryEnabledServer) {
			DiscoveryEnabledServer discoveryServer = (DiscoveryEnabledServer) server;
			return discoveryServer.getInstanceInfo().isPortEnabled(InstanceInfo.PortType.SECURE);
		}
		return super.isSecure(server);
	}
}

/**
 * @author Spencer Gibb
 */
public class DefaultServerIntrospector implements ServerIntrospector {

	private ServerIntrospectorProperties serverIntrospectorProperties = new ServerIntrospectorProperties();

	@Autowired(required = false)
	public void setServerIntrospectorProperties(ServerIntrospectorProperties serverIntrospectorProperties){
		this.serverIntrospectorProperties = serverIntrospectorProperties;
	}

	@Override
	public boolean isSecure(Server server) {
	//这里使用了List<Integer> securePorts = Arrays.asList(443,8443);。 判断list里是否包含指定端口, 而不是盘算以什么结尾
		return serverIntrospectorProperties.getSecurePorts().contains(server.getPort());
	}
}

原创声明：本文系作者授权腾讯云开发者社区发表，未经许可，不得转载。

如有侵权，请联系 cloudcommunity@tencent.com 删除。

SSL 证书