堆栈内存溢出
  简体   繁体   English

Spring Cloud Gateway 资源服务器:不存在主题替代名称

[英]Spring cloud gateway resource server: No subject alternative names present

 原文  2021-10-22 05:39:44       java/ spring/ spring-cloud

问题描述

Our spring cloud gateway is configured as a resource server for token validation in keycloak and access control, our keycloak instance is running on https (for ldap connection), and when I try to send request to the gateway with the token, I get the error: `Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names'.我们的spring cloud网关被配置为keycloak和访问控制中令牌验证的资源服务器,我们的keycloak实例在https上运行(用于ldap连接),当我尝试使用令牌向网关发送请求时,出现错误:`由:javax.net.ssl.SSLHandshakeException:没有主题替代名称'。

What options do I have to disable certificate and subject alternative names checking during development for keycloak authentication?在密钥斗篷身份验证的开发过程中,我必须使用哪些选项来禁用证书和主题备用名称检查? Thanks for any recommendations.感谢您的任何建议。

1 个解决方案

解决方案1
 0  2021-11-08 11:24:25

Ok,i forgot about this problem but i have simple solution now.好的,我忘记了这个问题,但我现在有简单的解决方案。 Look like a dev solution only.看起来只是一个开发解决方案。

@Configuration
@Slf4j
@ConditionalOnProperty("spring.security.oauth2.resourceserver.jwt.jwk-set-uri")
public class SslResolverConfig {

  @Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
  private String issuerUri;

  @Bean
  public ReactiveJwtDecoder reactiveJwtDecoder() {
    log.debug("ISSUE uri {}", issuerUri);
    var jvmBlockingResolver = createHttpClient();
    var connector = new ReactorClientHttpConnector(jvmBlockingResolver);
    var webClient = WebClient
        .builder()
        .clientConnector(connector)
        .build();
    return NimbusReactiveJwtDecoder
        .withJwkSetUri(issuerUri)
        .webClient(webClient)
        .build();
  }

  @SneakyThrows
  public HttpClient createHttpClient() {
    TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
      public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
      }

      public void checkClientTrusted(X509Certificate[] certs, String authType) {
      }

      public void checkServerTrusted(X509Certificate[] certs, String authType) {
      }
    }
    };

    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

    SslContext sslContext = SslContextBuilder
        .forClient()
        .trustManager(InsecureTrustManagerFactory.INSTANCE)
        .build();
    return HttpClient.create()
        .secure(t -> t.sslContext(sslContext))
        .wiretap("LoggingFilter", LogLevel.INFO, AdvancedByteBufFormat.TEXTUAL);
  }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 SSLHandshakeException:不存在主题替代名称 - SSLHandshakeException: No subject alternative names present CertificateException:不存在主题替代名称 - CertificateException: No subject alternative names present Spring云网关+Spring安全资源服务器 - Spring Cloud Gateway + Spring security resource server SSL 证书 - 不存在主题替代名称 - SSL Cerficate - No subject alternative names present 没有主题备用名称会添加例外 - No subject alternative names present add exception java javax.net.ssl.SSLHandshakeException:不存在使用者替代名称 - java javax.net.ssl.SSLHandshakeException: No subject alternative names present java.security.cert.CertificateException:不存在主题替代名称; - java.security.cert.CertificateException: No subject alternative names present; 如何修复“java.security.cert.CertificateException:没有主题替代名称存在”错误? - How to fix the “java.security.cert.CertificateException: No subject alternative names present” error? Kafka Java 消费者 SSL 握手错误:java.security.cert.CertificateException:不存在主题替代名称 - Kafka java consumer SSL handshake Error : java.security.cert.CertificateException: No subject alternative names present 来自https的wsimport:[错误] java.security.cert.CertificateException:不存在使用者替代名称 - wsimport from https: [ERROR] java.security.cert.CertificateException: No subject alternative names present
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM