Open
Description
Recently, in spring-boot 3.1, the Spring team introduced the SslBundles component as a convenient way to configure SSL connections for RestTemplate and RestClient.
As reference: https://spring.io/blog/2023/06/07/securing-spring-boot-applications-with-ssl
A similar approach would be interesting to have in spring-cloud-openfeign.
I am currently taking the following approach:
application.yml

```yaml
spring:
  ssl:
    bundle:
      jks:
        secure-service:
          key:
            alias: "secure-service"
          keystore:
            location: "classpath:keystore.p12"
            password: "myStrongPassword"
            type: "PKCS12"
```
```java
@Bean
@ConditionalOnProperty(prefix = "spring.ssl.bundle.jks.secure-service.key", name = "alias")
public Client feignClient(SslBundles sslBundles) throws Exception {
    // "secure-service" is defined in application properties
    try {
        SslBundle sslBundle = sslBundles.getBundle("secure-service");
        SSLContext sslContext = sslBundle.createSslContext();
        log.info("Configuring SSL Context for FeignClient");
        // Keep hostname verification enabled alongside the bundle's socket factory
        return new Client.Default(sslContext.getSocketFactory(), new DefaultHostnameVerifier());
    } catch (NoSuchSslBundleException ex) {
        log.error("SSLContext not provided. Creating FeignClient without sslContext.");
        // Preserve the original exception as the cause
        throw new IllegalStateException("spring.ssl.bundle.jks.secure-service.key.alias not configured correctly. Please change your application properties, yml or environment configuration.", ex);
    }
}
```
The proposed approach would be similar to this:
```java
@Bean
public RestTemplate restTemplate(RestTemplateBuilder restTemplateBuilder, SslBundles sslBundles) {
    // Build the RestTemplate with the named SSL bundle applied
    return restTemplateBuilder.setSslBundle(sslBundles.getBundle("secure-service")).build();
}
```
Further reference: https://www.baeldung.com/spring-boot-security-ssl-bundles