如何修改Spring ProxyExchange中使用的RestTemplate?(MVC环境)
2026-5-8
当然可以实现!这里给你一套针对Spring MVC环境下修改ProxyExchange默认RestTemplate的方案
首先得明确:ProxyExchange在Spring MVC场景下默认依赖RestTemplate来处理转发请求,所以我们只需要替换掉默认的RestTemplate为忽略SSL证书的版本,再让ProxyExchange用上它就行。而且一定要注意只在开发环境生效,别带到生产环境!
步骤1:编写忽略SSL证书的RestTemplate配置
先写一个自定义的ClientHttpRequestFactory,用来绕过SSL证书验证:
import org.springframework.http.client.SimpleClientHttpRequestFactory; import javax.net.ssl.*; import java.security.cert.X509Certificate; public class SslIgnoringClientHttpRequestFactory extends SimpleClientHttpRequestFactory { @Override protected void prepareConnection(HttpURLConnection connection, String httpMethod) { try { if (connection instanceof HttpsURLConnection) { HttpsURLConnection httpsConn = (HttpsURLConnection) connection; // 创建信任所有证书的SSL上下文 SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, new TrustManager[]{new X509TrustManager() { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) {} @Override public void checkServerTrusted(X509Certificate[] chain, String authType) {} @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } }}, new java.security.SecureRandom()); httpsConn.setSSLSocketFactory(sslContext.getSocketFactory()); // 跳过主机名验证 httpsConn.setHostnameVerifier((hostname, session) -> true); } super.prepareConnection(connection, httpMethod); } catch (Exception e) { throw new RuntimeException("Failed to prepare SSL connection", e); } } }
接着创建配置类,生成这个自定义的RestTemplate,并且只在开发环境激活:
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; import org.springframework.web.client.RestTemplate; @Configuration @Profile("dev") // 仅开发环境生效,生产环境自动禁用 public class DevProxyRestTemplateConfig { @Bean public RestTemplate sslIgnoringRestTemplate() { RestTemplate restTemplate = new RestTemplate(); restTemplate.setRequestFactory(new SslIgnoringClientHttpRequestFactory()); return restTemplate; } }
步骤2:让ProxyExchange使用自定义的RestTemplate
在Spring MVC中,ProxyExchange默认会自动注入容器中的RestTemplate。不过为了确保它能精准用上我们的自定义实例,可以额外配置一个ProxyExchange的Bean:
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; import org.springframework.web.servlet.function.ProxyExchange; @Configuration @Profile("dev") public class DevProxyExchangeConfig { // 注入我们刚才定义的忽略SSL的RestTemplate @Bean public ProxyExchange<?> proxyExchange(RestTemplate sslIgnoringRestTemplate) { return new ProxyExchange<>(sslIgnoringRestTemplate); } }
最后验证一下
在你的控制器中正常使用ProxyExchange就行,比如:
@GetMapping("/proxy/**") public ResponseEntity<?> proxyRequest(ProxyExchange<?> proxy) throws Exception { // 这里的proxy已经在用我们的忽略证书的RestTemplate了 return proxy.uri("/target-api/**").forward(); }
这样配置后,开发环境下通过ProxyExchange转发请求时,就会自动忽略目标服务的SSL证书验证了。再次提醒:千万不要在生产环境启用这个配置,会带来严重的安全风险!
内容的提问来源于stack exchange,提问作者Nati
