我如何使用 spring 社交休息模板交換方法忽略 OAuth2RequestInterceptor

Question

API 請求頭格式

.....
Authorization: KakaoAK {token}
.....

我的自定義客戶端 http 請求攔截器

class AdminKeyHeaderOAuth2RequestInterceptor implements ClientHttpRequestInterceptor {
    @Override
    public ClientHttpResponse intercept(final HttpRequest request, final byte[] body, ClientHttpRequestExecution execution) throws IOException {
        return execution.execute(protectedResourceRequest, body);
    }
}

用

HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.setAccept(Arrays.asList(new MediaType[]{MediaType.ALL}));
headers.set("Authorization", "KakaoAK " + adminKey); //admin key를 header에 셋팅해야함

MultiValueMap<String, String> param = new LinkedMultiValueMap<String, String>();
param.set("limit", limit);
param.set("fromId", fromId);
param.set("order", order);

restTemplate.setInterceptors(Arrays.asList(new ClientHttpRequestInterceptor[]{new AdminKeyHeaderOAuth2RequestInterceptor()}));

ResponseEntity<KakaoIds> response = restTemplate.exchange(buildApiUri("/v1/user/ids", param).toString(), HttpMethod.GET, new HttpEntity<Object>(headers), KakaoIds.class);

但是請求過程轉到“org.springframework.social.oauth2.OAuth2RequestInterceptor”類的“intercep”方法並覆蓋http標頭。 （在我的自定義請求攔截器之后）

org.springframework.social.oauth2.OAuth2RequestInterceptor#intercep

HttpRequest protectedResourceRequest = new HttpRequestDecorator(request);
protectedResourceRequest.getHeaders().set("Authorization", oauth2Version.getAuthorizationHeaderValue(accessToken));
return execution.execute(protectedResourceRequest, body);

服務器收到的請求頭格式

....
Authorization: Bearer {token}
....

我該如何解決這個問題？

Answer 1

https://progressivecoder.com/avoid-ssl-validation-spring-boot-resttemplate/

我在progressivecoder中發現了這個bolg，試試

@Bean
public RestTemplate restTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;

        SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
                        .loadTrustMaterial(null, acceptingTrustStrategy)
                        .build();

        SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);

        CloseableHttpClient httpClient = HttpClients.custom()
                        .setSSLSocketFactory(csf)
                        .build();

        HttpComponentsClientHttpRequestFactory requestFactory =
                        new HttpComponentsClientHttpRequestFactory();

        requestFactory.setHttpClient(httpClient);
        RestTemplate restTemplate = new RestTemplate(requestFactory);
    return restTemplate;
}

使用這個 RestTemplate 方法你不需要創建一個標題，它會跳過驗證

try {
        RestTemplate restTemplate = restTemplate();
        HttpHeaders headers = new HttpHeaders();
        HttpEntity<String> httpEntity = new HttpEntity<>(headers);
        ResponseEntity<String> entity = restTemplate.exchange(harborHealthCheck.toString(), HttpMethod.GET, httpEntity, new ParameterizedTypeReference<String>(){});
        if(PaasConst.SUCCESS == entity.getStatusCodeValue()){
          return entity.getBody();   
        }else {
            throw new BusinessException(ExceptionType.ERROR_IO_EXCEPTION);
        }
    }catch (Exception e){
        throw new BusinessException(ExceptionType.ERROE_NETWORK_REQUEST, e);
    }