我有一個 spring oauth2 服務,當該服務嘗試創建 bean 時jwtDecoderByIssuerUri它失敗了,因為:
...
Caused by: java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of <issuer>
...
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "<issuer>": No subject alternative names present; nested exception is javax.net.ssl.SSLHandshakeException: No subject alternative names present
在我已禁用 ssl 驗證執行以下操作后,會出現此錯誤:
public final class SSLUtil {
private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
};
public static void turnOffSslChecking() throws NoSuchAlgorithmException, KeyManagementException {
// Install the all-trusting trust manager
final SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, UNQUESTIONING_TRUST_MANAGER, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
public static void turnOnSslChecking() throws KeyManagementException, NoSuchAlgorithmException {
// Return it to the initial state (discovered by reflection, now hardcoded)
SSLContext.getInstance("SSL").init(null, null, null);
}
private SSLUtil() {
throw new UnsupportedOperationException("Do not instantiate libraries.");
}
}
@Bean
JwtDecoder jwtDecoderByIssuerUri(final OAuth2ResourceServerProperties properties) throws KeyManagementException, NoSuchAlgorithmException {
turnOffSslChecking();
return JwtDecoders.fromIssuerLocation(properties.getJwt().getIssuerUri());
}
在我添加之前turnOffSslChecking(),錯誤是:
...
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
有沒有辦法避免所有這些 ssl 驗證內容?
uj5u.com熱心網友回復:
Oauth2 服務器需要使用 SSL/TLS。(第 2.3.1 節隨后參考TLS Version了 Oauth 規范的第 1.6 節- https://www.rfc-editor.org/rfc/rfc6749)您最好解決原始問題而不是禁用 SSL。
您最初的問題是因為您需要將證書的公鑰安裝到 TrustStore 中,而不是創建一個完全信任的 TrustManager。您沒有指定,但我假設您使用的是帶有默認 java TrustStore 的自簽名證書。如果是這樣,本文中的步驟應該可以解決問題。 https://medium.com/expedia-group-tech/how-to-import-public-certificates-into-javas-truststore-from-a-browser-a35e49a806dc
如果我做出了錯誤的假設,請發布更多資訊。
轉載請註明出處,本文鏈接:https://www.uj5u.com/houduan/336933.html
上一篇:如何將@Scheduled()注釋CRON運算式正確外部化到我的application.properties檔案中?它無法決議占位符
