I'm in the process of setting up a Spring Boot Admin application - although what exactly this application does is irrelevant in this context. What is important is that this application connects to another service using HTTPS.
What I have a problem with is the certificate - both services run in docker containers on more than one environment. This, plus the fact that the service discovery resolves services using IP addresses causes issues when certificate is validated. My plan was to - at least for development purposes - allow hosts to be connected to as long as the IP address is local. To do so I've written a MyHostnameVerifier class which implements HostnameVerifier. Then created a configuration class with a bean that would set this new HostnameVerifier to be a default one like so:
@Configuration
public class SecurityConfiguration {
private class MyHostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(String hostname, SSLSession session) {
// checks if IP address is local..
return true;
}
}
@PostConstruct
public void configureSSL() {
HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifier());
}
}
What I have a problem with is that the implemented MyHostnameVerifier.verify method in the custom class never gets called. What's the reason for this?
configureSSL method does get called.
