springboot 1.5.20.RELEASE可能会将http请求变成https
原创springboot 1.5.20.RELEASE可能会将http请求变成https
原创
CoffeeLand
修改于 2020-04-26 17:44:48
修改于 2020-04-26 17:44:48
代码可运行
运行总次数:0
代码可运行
us backgroud
系统的有一个写log的微服务A, spring boot的version是2.1.5.RELEASE
另有一个service B, spring boot version是1.5.20.RELEASE
Service B 通过resttemplate 去调用service A去写log
会出现以下error
Unrecognized SSL message, plaintext connection?; nested exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?",
{
"timestamp": 1587885892307,
"status": 500,
"error": "Internal Server Error",
"exception": "org.springframework.web.client.ResourceAccessException",
"message": "I/O error on POST request for \"http://systemlogging-v1/\": Unrecognized SSL message, plaintext connection?; nested exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?",
"path": "/execution-control/_execute"
}issue invesigation
这是由于1.5.20.RELEASE版本里的bug导致的
public class EurekaServerIntrospector extends DefaultServerIntrospector {
@Override
public boolean isSecure(Server server) {
if (server instanceof DiscoveryEnabledServer) {
DiscoveryEnabledServer discoveryServer = (DiscoveryEnabledServer) server;
return discoveryServer.getInstanceInfo().isPortEnabled(InstanceInfo.PortType.SECURE);
}
return super.isSecure(server);
}package org.springframework.cloud.netflix.ribbon;
import java.util.Collections;
import java.util.Map;
import com.netflix.loadbalancer.Server;
/**
* @author Spencer Gibb
*/
public class DefaultServerIntrospector implements ServerIntrospector {
@Override
public boolean isSecure(Server server) {
// Can we do better?
return (""+server.getPort()).endsWith("443");
// 这样会导致serviceA的端口如果是以443结尾, 比如40443, 会误以为secure, 从而将http请求转换成https
}
@Override
public Map<String, String> getMetadata(Server server) {
return Collections.emptyMap();
}
}How to fix issue
upgrade the springboot version to 2.1.0.RELEASE
@ConfigurationProperties("ribbon")
public class ServerIntrospectorProperties {
private List<Integer> securePorts = Arrays.asList(443,8443);
public List<Integer> getSecurePorts() {
return securePorts;
}
}
public class EurekaServerIntrospector extends DefaultServerIntrospector {
@Override
public boolean isSecure(Server server) {
if (server instanceof DiscoveryEnabledServer) {
DiscoveryEnabledServer discoveryServer = (DiscoveryEnabledServer) server;
return discoveryServer.getInstanceInfo().isPortEnabled(InstanceInfo.PortType.SECURE);
}
return super.isSecure(server);
}
}
/**
* @author Spencer Gibb
*/
public class DefaultServerIntrospector implements ServerIntrospector {
private ServerIntrospectorProperties serverIntrospectorProperties = new ServerIntrospectorProperties();
@Autowired(required = false)
public void setServerIntrospectorProperties(ServerIntrospectorProperties serverIntrospectorProperties){
this.serverIntrospectorProperties = serverIntrospectorProperties;
}
@Override
public boolean isSecure(Server server) {
//这里使用了List<Integer> securePorts = Arrays.asList(443,8443);。 判断list里是否包含指定端口, 而不是盘算以什么结尾
return serverIntrospectorProperties.getSecurePorts().contains(server.getPort());
}
}原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
推荐阅读
目录
腾讯云开发者
