覆盖SpringBoot中的默认X509TrustManager

Question

我正在尝试将我的DummyX509TrustManager与Springboot一起使用。

为了做到这一点，我写了下面的课：

@Configuration
public class DummyComponent {

@PostConstruct
public void sslContextConfiguration() {
    try {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[] { new DummyTrustManager() }, null);
        SSLContext.setDefault(sslContext);
    } catch (Exception e) {
        e.printStackTrace();
    }
}

这似乎对我的代码没有任何影响，因为它使用了默认的X509TrustManagerImpl。也许我必须以另一种方式覆盖它？

SOLUTION：

@Configuration
public class MyConfig {

@Bean
public TomcatServletWebServerFactory containerFactory() {
    TomcatServletWebServerFactory  tomcat = new TomcatServletWebServerFactory ();
    tomcat.addAdditionalTomcatConnectors(createSslConnector());
    return tomcat;
}

private Connector createSslConnector() {
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
    try {
        File keystore = new ClassPathResource(keystorepath).getFile();
        File truststore = new ClassPathResource(truststorepath).getFile();
        connector.setScheme("https");
        connector.setSecure(true);
        connector.setPort(port);

        protocol.setKeystoreFile(keystore.getAbsolutePath());
        protocol.setKeystorePass(keystorepassw);
        protocol.setKeyAlias(keystorealias);
        protocol.setSSLEnabled(true);

        protocol.setTruststoreFile(truststore.getAbsolutePath());
        protocol.setTruststorePass(truststorepassw);
        protocol.setClientAuth(Boolean.TRUE.toString());

        protocol.setTrustManagerClassName("pakage.DummyTrustManager");

        return connector;
    }
    catch (IOException ex) {
        throw new IllegalStateException("can't access keystore: [" + "keystore"
                + "] or truststore: [" + "keystore" + "]", ex);
    }
}

}