[英]Spring cloud gateway resource server: No subject alternative names present
Our spring cloud gateway is configured as a resource server for token validation in keycloak and access control, our keycloak instance is running on https (for ldap connection), and when I try to send request to the gateway with the token, I get the error: `Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names'.我们的spring cloud网关被配置为keycloak和访问控制中令牌验证的资源服务器,我们的keycloak实例在https上运行(用于ldap连接),当我尝试使用令牌向网关发送请求时,出现错误:`由:javax.net.ssl.SSLHandshakeException:没有主题替代名称'。
What options do I have to disable certificate and subject alternative names checking during development for keycloak authentication?在密钥斗篷身份验证的开发过程中,我必须使用哪些选项来禁用证书和主题备用名称检查? Thanks for any recommendations.
感谢您的任何建议。
Ok,i forgot about this problem but i have simple solution now.好的,我忘记了这个问题,但我现在有简单的解决方案。 Look like a dev solution only.
看起来只是一个开发解决方案。
@Configuration
@Slf4j
@ConditionalOnProperty("spring.security.oauth2.resourceserver.jwt.jwk-set-uri")
public class SslResolverConfig {
@Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
private String issuerUri;
@Bean
public ReactiveJwtDecoder reactiveJwtDecoder() {
log.debug("ISSUE uri {}", issuerUri);
var jvmBlockingResolver = createHttpClient();
var connector = new ReactorClientHttpConnector(jvmBlockingResolver);
var webClient = WebClient
.builder()
.clientConnector(connector)
.build();
return NimbusReactiveJwtDecoder
.withJwkSetUri(issuerUri)
.webClient(webClient)
.build();
}
@SneakyThrows
public HttpClient createHttpClient() {
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
SslContext sslContext = SslContextBuilder
.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.build();
return HttpClient.create()
.secure(t -> t.sslContext(sslContext))
.wiretap("LoggingFilter", LogLevel.INFO, AdvancedByteBufFormat.TEXTUAL);
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.