Java Spring - RestTemplate 调用 https 休息服务时出错(证书错误)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/32915964/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Spring - RestTemplate Error calling a https rest service (Certificate error)
提问by MickeyBG
I call in tomcat war a rest web service. I do the web service invocation with this:
我在 tomcat war 中调用了一个休息网络服务。我使用以下方法进行 Web 服务调用:
public UsuarioDTO validarDatosToken(String token, boolean incluirRoles) throws ModeloException, DAOException {
RestTemplate restTemplate = new RestTemplate();
UserRestVO page = restTemplate.getForObject("https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"), UserRestVO.class);
if (page != null && page.getStatusResult() != null && page.getStatusResult().getStatusCode().equals("OK") && page.getUser() != null) {
------------
return datos;
} else {
throw new ModeloException(ErroresGeneralesEnum.ERROR_TOKEN_CADUCADO);
}
}
}
public Authentication authenticateReal(Authentication authentication) throws AuthenticationException {
String username = authentication.getName();
String password = (String) authentication.getCredentials();
UsuarioDTO usuario = null;
try {
usuario = usuariosService.validarDatosToken(username, true);
} catch (Exception e) {
e.printStackTrace();
Logger.getLogger(CustomAuthenticationProvider.class.getName()).error(e);
throw new BadCredentialsException("Username not found.");
}
}
The following error is produced when web service is called. I try to do a lot of things but notting works:
调用 Web 服务时会产生以下错误。我尝试做很多事情,但没有成功:
I think that the problem is with the certificate but i dont solve it. ?Do you have any idea?
我认为问题出在证书上,但我没有解决。?你有什么主意吗?
org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://xxxxxxxxxxxxxxxxxxxxxxxx":java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext); nested exception is java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext) at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:567) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:512) at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:243) at custom.service.usuarios.impl.UsuariosServiceImpl.validarDatosToken(UsuariosServiceImpl.java:69) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:98) at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:262) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:95) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) at com.sun.proxy.$Proxy33.validarDatosToken(Unknown Source) at custom.view.filter.CustomAuthenticationProvider.authenticateReal(CustomAuthenticationProvider.java:48) at custom.view.filter.CustomAuthenticationProvider.authenticate(CustomAuthenticationProvider.java:37) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) at custom.view.filter.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:103) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext) at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:198) at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:205) at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:409) at sun.net.NetworkClient.doConnect(NetworkClient.java:162) at sun.net.www.http.HttpClient.openServer(HttpClient.java:432) at sun.net.www.http.HttpClient.openServer(HttpClient.java:527) at sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:275) at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153) at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:75) at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53) at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:551) Caused by: java.io.IOException: Invalid keystore format at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1214) at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:221) at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultTrustManager(SSLContextImpl.java:528) at sun.security.ssl.SSLContextImpl$DefaultSSLContext.(SSLContextImpl.java:495) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at java.security.Provider$Service.newInstance(Provider.java:1240) ... 64 more
org.springframework.web.client.ResourceAccessException:“ https://xxxxxxxxxxxxxxxxxxxxxxxx”的 GET 请求上的 I/O 错误“:java.security.NoSuchAlgorithmException:错误构造实现(算法:默认,提供者:SunJSSE,类:sun.security.ssl.SSLContextImpl$DefaultSSLContext);嵌套异常是java.net.SocketException:java.security.NoSuchAlgorithmException:错误构造org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:567) at org.springframework.web.client 的实现(算法:默认,提供者:SunJSSE,类:sun.security.ssl.SSLContextImpl$DefaultSSLContext)。 RestTemplate.execute(RestTemplate.java:512) at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:243) at custom.service.usuarios.impl.UsuariosServiceImpl.validarDatosToken(UsuariosServiceImpl.java:69) at sun .reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect。NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.springframework.aop.support .AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) 在 org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) 在 org.springframework.aop.framework.ReflectiveMethodInvocation.proceed.:java17Invocation) org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:98) 在 org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:262) 在 org.springframework。transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:95) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(Jdk.DynamicAopProxy) 207) at com.sun.proxy.$Proxy33.validarDatosToken(Unknown Source) at custom.view.filter.CustomAuthenticationProvider.authenticateReal(CustomAuthenticationProvider.java:48) at custom.view.filter.CustomAuthenticationProvider.authenticate(CustomAuthenticationProvider.java:37) ) 在 org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) 在 custom.view.filter.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:103) 在 org.springframework。security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.logout。 LogoutFilter.doFilter(LogoutFilter.java:110) 在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 在 org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal( WebAsyncManagerIntegrationFilter.java:50) 在 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 在 org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.FilterChainProxy。 doFilterInternal(FilterChainProxy.java:192) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) at org.springframework .web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) 在 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) 在 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java :210) 在 org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225) 在 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) 在 org.apache.catalina.Auththenicator .invoke(AuthenticatorBase.java:472) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org. apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter. java:407) 在 org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002) 在 org.apache.coyote。AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579) 在 org.apache.tomcat.util.net.JioEndpoint$SocketProcessor.run(JioEndpoint.java:312) 在 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java: 1145) 在 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 在 java.lang.Thread.run(Thread.java:745) 引起:java.net.SocketException: java.security.NoSuchAlgorithmException :在 javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:198) 在 javax.net.ssl.DefaultSSLSocketFactory 上构建实现时出错(算法:默认,提供者:SunJSSE,类:sun.security.ssl.SSLContextImpl$DefaultSSLContext) .createSocket(SSLSocketFactory.java:205) 在 sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:409) 在 sun.net.NetworkClient.doConnect(NetworkClient.java:162) 在 sun.net.www.http.HttpClient.openServer(HttpClient.java:432) 在 sun.net.www.http.HttpClient.openServer(HttpClient) .java:527) at sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:275) at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371) at sun.net .www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection .connect(AbstractDelegateHttpsURLConnection.java:177) 在 sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153) 在 org.springframework.http.client。SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:75) at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) at org.springframework.http.client.AbstractClientHttpRequest.execute(Abstract5ClientHttpRequest) at org: .springframework.web.client.RestTemplate.doExecute(RestTemplate.java:551) 引起:java.io.IOException:sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650) 的无效密钥库格式在sun.security .provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1214) at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:221) at sun。 security.ssl.SSLContextImpl$DefaultSSLContext。getDefaultTrustManager(SSLContextImpl.java:528) at sun.security.ssl.SSLContextImpl$DefaultSSLContext.(SSLContextImpl.java:495) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructor.javaAccessor) :57) 在 sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) 在 java.lang.reflect.Constructor.newInstance(Constructor.java:526) 在 java.security.Provider$Service.newInstance(Provider.java: 1240) ... 64 更多newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at java.security.Provider$Service.newInstance (Provider.java:1240) ... 64 更多newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at java.security.Provider$Service.newInstance (Provider.java:1240) ... 64 更多
采纳答案by Marc
From your code i dont see any specific SSL configuration for your RestTemplate. Since i dont know which version of Spring (and related HTTPClient), i suggest try starting with the following code and see what happens:
从您的代码中,我没有看到您的 RestTemplate 的任何特定 SSL 配置。由于我不知道 Spring 的哪个版本(以及相关的 HTTPClient),我建议尝试从以下代码开始,看看会发生什么:
public void tryme() throws ClientProtocolException, IOException {
String urlOverHttps = "https:xxxxxxx";
CloseableHttpClient httpClient =
HttpClients.custom()
.setSSLHostnameVerifier(new NoopHostnameVerifier())
.build();
HttpComponentsClientHttpRequestFactory reqFactory =
new HttpComponentsClientHttpRequestFactory();
reqFactory.setHttpClient(httpClient);
ResponseEntity<String> response =
new RestTemplate(reqFactory).exchange(
urlOverHttps, HttpMethod.GET, null, String.class);
String responseCode = response.getStatusCode();
}
This should in theory bypass certs check. It requires HTTPClient 4.4. As i said, you dont expose many details of your current configuration so i can really only wild guess here.
这在理论上应该绕过证书检查。它需要 HTTPClient 4.4。正如我所说,您没有公开当前配置的许多细节,所以我只能在这里胡乱猜测。
回答by MickeyBG
I found the error Somebody change the etc/init.d/tomcat7 to include two lines with a invalid cert store. Removing it, it's work! thanks to all
我发现错误有人将 etc/init.d/tomcat7 更改为包含带有无效证书存储的两行。删除它,它的工作!谢谢大家
-Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456
-Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456
