在一次API接口请求中,在正式环境下请求是没有问题,在测试环境中,请求HTTPS,出现开放证书验证异常
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buildin
主要异常
- javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buildin
解决过程中出现的问题
- java.net.SocketException: Connection reset
- javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
- javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
关键词
使用HTTPClient时不检测服务器证书
解决过程
使用HttpURLConnection 使用JDK原生提供的net
网上查了很久,说是证书出问题了,服务器不信任我们自己创建的证书,所以在代码中必须要忽略证书信任问题。只要在创建connection之前调用两个方法:
trustAllHttpsCertificates();
HttpsURLConnection.setDefaultHostnameVerifier(hv);
具体实现
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
System.out.println("Warning: URL Host: " + urlHostName + " vs. "
+ session.getPeerHost());
return true;
}
};
private static void trustAllHttpsCertificates() throws Exception {
javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new miTM();
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext
.getInstance("SSL");
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc
.getSocketFactory());
}
static class miTM implements javax.net.ssl.TrustManager,
javax.net.ssl.X509TrustManager {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public boolean isServerTrusted(
java.security.cert.X509Certificate[] certs) {
return true;
}
public boolean isClientTrusted(
java.security.cert.X509Certificate[] certs) {
return true;
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}
}
完整代码 GET 例子
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import org.apache.log4j.Logger;
import org.htmlparser.util.ParserException;
import com.xwtech.parser.GetRequestHtmlParser;
import com.xwtech.pojo.ExtendCandidate;
/*
* GET请求类
*/
public class GetRequest {
private String url = "https://b2b.10086.cn/b2b/main/viewNoticeContent.html?noticeBean.id=";
private Logger logger;
public GetRequest() {
logger = Logger.getLogger(GetRequest.class);
}
private static void trustAllHttpsCertificates() throws Exception {
javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new miTM();
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
//为更好的演示,去掉了不相关的代码
public void getData(String id) {
this.url = url + id;
BufferedReader in = null;
HttpURLConnection conn = null;
String result = "";
try { //该部分必须在获取connection前调用
trustAllHttpsCertificates();
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
logger.info("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);
conn = (HttpURLConnection)new URL(url).openConnection();
// 发送GET请求必须设置如下两行
conn.setDoInput(true);
conn.setRequestMethod("GET");
// flush输出流的缓冲
in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String line;
while ((line = in.readLine()) != null) {
result += line;
}
} catch (Exception e) {
logger.error("发送 GET 请求出现异常!\t请求ID:"+id+"\n"+e.getMessage()+"\n");
} finally {// 使用finally块来关闭输出流、输入流
try {
if (in != null) {
in.close();
}
} catch (IOException ex) {
logger.error("关闭数据流出错了!\n"+ex.getMessage()+"\n");
}
}
// 获得相应结果result,可以直接处理......
}
static class miTM implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public boolean isServerTrusted(java.security.cert.X509Certificate[] certs) {
return true;
}
public boolean isClientTrusted(java.security.cert.X509Certificate[] certs) {
return true;
}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}
}
}
Post请求需要忽略证书信任与这个一样,在获取连接前,加上以上代码。
// 这是一个方法,具体见上面
trustAllHttpsCertificates();
//这里HttpsURLConnection是类名,hv参数需要自己创建,具体可以参考上面。
HttpsURLConnection.setDefaultHostnameVerifier(hv);
最终结论:此方法并未解决能问题
并且请求时出现了SSLHandshakeException
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
起初也怀疑是客户端和服务端SSL协议版本不一致导致产生此异常。最终也并不是SSL协议版本不一致。
有兴趣了解更多https.protocols在Java中的使用,可以阅读这篇文章:https.protocols在Java中的使用
尝试解决:
需要设置Java客户端https.protocols环境变量,使用服务端支持的SSL协议版本。
- 安装 nmap
使用nmap可以查看服务端支持是SSL协议版本,如果你的机器上未安装nmap,可以使用下面的命令安装(以CentOS为例):
sudo yum install nmap
查看该服务支持的HTTPS协议版本:
$ nmap --script ssl-enum-ciphers -p 443 kubeboard.yidian-inc.com
Starting Nmap 6.40 ( http://nmap.org ) at 2019-12-04 18:37 CST
Nmap scan report for 10.101.211.62
Host is up (0.000094s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0: No supported ciphers found
| TLSv1.1: No supported ciphers found
|_ TLSv1.2: No supported ciphers found
- 设置https.protocols
从上面的信息可以看到,该服务支持TLSv1.0、TLSv1.1、TLSv1.2,所以我将https.protocols设置成了下面的模样:
System.setProperty("https.protocols", "TLSv1.2,TLSv1.1,TLSv1.0,SSLv3");
但紧接着抛出下面的错误信息:
Caused by: java.lang.IllegalArgumentException: TLSv1.0
at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
原因是:我使用的JDK 8不支持TLSv1.0,那就把TLSv1.0去掉吧。
- 输出网络日志
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
可以通过在启动命令中设置-Djavax.net.debug=all或在Java代码中以下面的方式启动网络调试输出:
System.setProperty("javax.net.debug", "all");
然后看到下面的输出:
main, WRITE: TLSv1.2 Handshake, length = 88
[Raw write]: length = 93
0000: 16 03 03 00 58 01 00 00 54 03 03 5D E7 98 04 87 ....X...T..]....
0010: BF 47 63 0F 9E C1 B6 BA BF 39 05 78 28 00 54 87 .Gc......9.x(.T.
0020: 55 F5 71 B2 7B DF 8B E7 55 0A E4 00 00 02 00 35 U.q.....U......5
0030: 01 00 00 29 00 0D 00 1C 00 1A 06 03 06 01 05 03 ...)............
0040: 05 01 04 03 04 01 04 02 03 03 03 01 03 02 02 03 ................
0050: 02 01 02 02 00 17 00 00 FF 01 00 01 00 .............
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
从第1行和第14行可以看到,客户端和服务端都使用了TLSv1.2,说明并不是协议版本不一致。
善用Google最终在OSCHINA找到了解决方法
这个是JDK导致的,JDK里面有一个jce的包,安全性机制导致的访问https会报错,官网上有替代的jar包,将其替换掉即可。
JCE包下载地址:
- JDK6 jce_policy-6.zip
- JDK7 UnlimitedJCEPolicyJDK7.zip
- JDK8 jce_policy-8.zip
下载后解压,可以看到local_policy.jar和US_export_policy.jar以及readme.txt,
替换${java_home}/jre/lib/security/ 下面的local_policy.jar和US_export_policy.jar即可。
想更深入的里了解,请参考 Java密钥长度受限制问题解决
异常解决后,满心欢喜再次发送请求,再次爆出异常
java.net.SocketException: Connection reset
直接看就对了, 一次SocketException: Connection reset
再次发送请求,最后依然是
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
尝试自己生成安全证书
写一个安全程序专门用于获取安全证书:
/*
* Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of Sun Microsystems nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
import java.io.*;
import java.net.URL;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
public class InstallCert {
public static void main(String[] args) throws Exception {
String host;
int port;
char[] passphrase;
if ((args.length == 1) || (args.length == 2)) {
String[] c = args[0].split(":");
host = c[0];
port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
String p = (args.length == 1) ? "changeit" : args[1];
passphrase = p.toCharArray();
} else {
System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
return;
}
File file = new File("jssecacerts");
if (file.isFile() == false) {
char SEP = File.separatorChar;
File dir = new File(System.getProperty("java.home") + SEP
+ "lib" + SEP + "security");
file = new File(dir, "jssecacerts");
if (file.isFile() == false) {
file = new File(dir, "cacerts");
}
}
System.out.println("Loading KeyStore " + file + "...");
InputStream in = new FileInputStream(file);
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, passphrase);
in.close();
SSLContext context = SSLContext.getInstance("TLS");
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];
SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
context.init(null, new TrustManager[] {tm}, null);
SSLSocketFactory factory = context.getSocketFactory();
System.out.println("Opening connection to " + host + ":" + port + "...");
SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
socket.setSoTimeout(10000);
try {
System.out.println("Starting SSL handshake...");
socket.startHandshake();
socket.close();
System.out.println();
System.out.println("No errors, certificate is already trusted");
} catch (SSLException e) {
System.out.println();
e.printStackTrace(System.out);
}
X509Certificate[] chain = tm.chain;
if (chain == null) {
System.out.println("Could not obtain server certificate chain");
return;
}
BufferedReader reader =
new BufferedReader(new InputStreamReader(System.in));
System.out.println();
System.out.println("Server sent " + chain.length + " certificate(s):");
System.out.println();
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
MessageDigest md5 = MessageDigest.getInstance("MD5");
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = chain[i];
System.out.println
(" " + (i + 1) + " Subject " + cert.getSubjectDN());
System.out.println(" Issuer " + cert.getIssuerDN());
sha1.update(cert.getEncoded());
System.out.println(" sha1 " + toHexString(sha1.digest()));
md5.update(cert.getEncoded());
System.out.println(" md5 " + toHexString(md5.digest()));
System.out.println();
}
System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
String line = reader.readLine().trim();
int k;
try {
k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
} catch (NumberFormatException e) {
System.out.println("KeyStore not changed");
return;
}
X509Certificate cert = chain[k];
String alias = host + "-" + (k + 1);
ks.setCertificateEntry(alias, cert);
OutputStream out = new FileOutputStream("jssecacerts");
ks.store(out, passphrase);
out.close();
System.out.println();
System.out.println(cert);
System.out.println();
System.out.println
("Added certificate to keystore 'jssecacerts' using alias '"
+ alias + "'");
}
private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
private static String toHexString(byte[] bytes) {
StringBuilder sb = new StringBuilder(bytes.length * 3);
for (int b : bytes) {
b &= 0xff;
sb.append(HEXDIGITS[b >> 4]);
sb.append(HEXDIGITS[b & 15]);
sb.append(' ');
}
return sb.toString();
}
private static class SavingTrustManager implements X509TrustManager {
private final X509TrustManager tm;
private X509Certificate[] chain;
SavingTrustManager(X509TrustManager tm) {
this.tm = tm;
}
public X509Certificate[] getAcceptedIssuers() {
throw new UnsupportedOperationException();
}
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
throw new UnsupportedOperationException();
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
this.chain = chain;
tm.checkServerTrusted(chain, authType);
}
}
}
将代码保存为InstallCert.java文件,并通过javac InstallCert.java 命令编译Java程序
执行 java InstallCert hostname 命令,如:java InstallCert 192.168.1.137:8443(要访问的目标程序的IP地址和端口),然后会看到如下信息:
插曲:javac编译成功,在使用java命令执行Java程序时,出现 无法运行java“找不到或无法加载主类”
我原地螺旋升天,这到底什么时候才是个头?
尝试在CLASSPATH环境变量中添加一个当前路径".;",但是我发现本身已经有了。
于是尝试cd 到主目录执行java命令,仍然无法找到主目录,cd到文件当前目录下也是无法找到!
一番思考找到问题!由于源码中有包名,所以才会导致加载主类失败。
所以在执行时要cd到主目录,java名字带上包名即可
模拟例子
// 执行完没有异常返回即可,可查看是否生成对应class文件
javac HelloWorld.java
// 假设当前为 D/code/test/com/frist/
cd d/code/test
java com.frist.helloWorld
java InstallCert ecc.fedora.redhat.com
Loading KeyStore /usr/jdk/instances/jdk1.5.0/jre/lib/security/cacerts...
Opening connection to ecc.fedora.redhat.com:443...
Starting SSL handshake...
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
at InstallCert.main(InstallCert.java:63)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:158)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)
... 7 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 13 more
Server sent 2 certificate(s):
1 Subject CN=ecc.fedora.redhat.com, O=example.com, C=US
Issuer CN=Certificate Shack, O=example.com, C=US
sha1 2e 7f 76 9b 52 91 09 2e 5d 8f 6b 61 39 2d 5e 06 e4 d8 e9 c7
md5 dd d1 a8 03 d7 6c 4b 11 a7 3d 74 28 89 d0 67 54
2 Subject CN=Certificate Shack, O=example.com, C=US
Issuer CN=Certificate Shack, O=example.com, C=US
sha1 fb 58 a7 03 c4 4e 3b 0e e3 2c 40 2f 87 64 13 4d df e1 a1 a6
md5 72 a0 95 43 7e 41 88 18 ae 2f 6d 98 01 2c 89 68
Enter certificate to add to trusted keystore or 'q' to quit: [1]
直接输入1,然后会在相应的目录下产生一个名为‘jssecacerts’的证书,将证书copy到$JAVA_HOME/jre/lib/security目录下,或者通过执行:
System.setProperty(“javax.net.ssl.trustStore”, "D:\UTA\DOC_E_Health_XML\Keystore\jssecacerts
重启程序即可解决
生成文件失败,可能有人能成功。
报出异常
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
异常记录分析 javax.net.ssl.SSLException: Unrecognized SSL message
被Exception包围的一天!
祭出最终杀招,可谓妙药良方,Exception消除。
创建一个信任所有证书的HttpClient对象
/**
* 创建一个SSL信任所有证书的httpClient对象
*
* @return
*/
public static CloseableHttpClient createSSLClientDefault() {
try {
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
// 信任所有
@Override
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return true;
}
}).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
return HttpClients.custom().setSSLSocketFactory(sslsf).build();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
}
return HttpClients.createDefault();
}
完整请求
/**
* @Title:POST请求
* @param url 请求地址
* @param params Map集合(输入参数要求为JSON对象)
* @return String
*/
public static String sendPost(String url, Map<String, Object> params) throws IOException {
// 设置默认请求头
Map<String, String> headers = new HashMap<>();
headers.put("Content-Type", "application/json");
// 将map转成json
JSONObject data = JSONObject.parseObject(JSON.toJSONString(params));
return doPostByJSON(url, headers, data, ENCODING);
}
private static String doPostByJSON(String url, Map<String, String> headers, JSONObject data, String encoding) throws IOException {
// 请求返回结果
String resultJson = null;
// 创建Client
CloseableHttpClient client = createSSLClientDefault();
// 发送请求,返回响应对象
CloseableHttpResponse response = null;
// 创建HttpPost对象
HttpPost httpPost = new HttpPost();
/**
* setConnectTimeout:设置连接超时时间,单位毫秒。
* setConnectionRequestTimeout:设置从connect Manager(连接池)获取Connection
* 超时时间,单位毫秒。这个属性是新加的属性,因为目前版本是可以共享连接池的。
* setSocketTimeout:请求获取数据的超时时间(即响应时间),单位毫秒。
* 如果访问一个接口,多少时间内无法返回数据,就直接放弃此次调用。
*/
RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(CONNECT_TIMEOUT).setSocketTimeout(SOCKET_TIMEOUT).build();
httpPost.setConfig(requestConfig);
try {
// 设置请求地址
httpPost.setURI(new URI(url));
// 设置请求头
packageHeader(headers, httpPost);
// 设置实体
httpPost.setEntity(new StringEntity(JSON.toJSONString(data)));
// 发送请求,返回响应对象
response = client.execute(httpPost);
// 获取响应状态
int status = response.getStatusLine().getStatusCode();
if (status != HttpStatus.SC_OK) {
System.out.println("响应失败,状态码:" + status);
}
// 获取响应结果
resultJson = EntityUtils.toString(response.getEntity(), encoding);
} catch (Exception e) {
e.printStackTrace();
} finally {
release(response, client);
}
return resultJson;
}
/**
* Description: 封装请求头
*
* @param params
* @param httpMethod
*/
public static void packageHeader(Map<String, String> params, HttpRequestBase httpMethod) {
// 封装请求头
if (params != null) {
Set<Map.Entry<String, String>> entrySet = params.entrySet();
for (Map.Entry<String, String> entry : entrySet) {
// 设置到请求头到HttpRequestBase对象中
httpMethod.setHeader(entry.getKey(), entry.getValue());
}
}
}
参考博文:
HTTP请求HTTPS请求 (忽略验证)
