stackoom
  简体   繁体   中英

Spring boot catch SSLHandshakeException

 原文  2020-12-16 08:02:46       java/ spring/ spring-boot/ tomcat

Question

We have a rest API written in SpringBoot using a 2-way ssl Auth. We would like to send 401 HTTP status code when the user selects the wrong/expired client certificate.

When it happens I can see the exception:

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The API starts normally and works fine. The exception occurs whenever the user tries to call my api selecting a wrong client certificate or invalid. In this case I would like to return 401 to the caller

Spring boot is configured with Tomcat and @EnableWebSecurity 

http.x509().subjectPrincipalRegex("XXXXXX").userDetailsService(this.userDetailsService);
((RequiresChannelUrl)http.requiresChannel().anyRequest()).requiresSecure();

urls().forEach((url, guard) -> {
   try {
      ((AuthorizedUrl)http.authorizeRequests().antMatchers(new String[]{url})).access(guard);
    } catch (Exception var4) {
        throw new UnsupportedOperationException("error");
    }
});

Here the stack trace:

DirectJDKLog.java:175 [] Handshake failed during wrap
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
....
....
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

The browser shows: ERR_BAD_SSL_CLIENT_AUTH_CERT Is it possible to catch this exception in SpringBoot and send a specific HTTP status code?

2 answers

solution1
 1  2020-12-16 08:13:24

Maybe you can try a controller advice:

@ControllerAdvice
class MyControllerExceptionHandler {

    @ResponseStatus(HttpStatus.UNAUTHORIZED)  // or whatever you want
    @ExceptionHandler(SSLHandshakeException.class)
    public void handleHandshakeException() {
        // Nothing to do
    }
}

solution2
 0  2020-12-16 08:53:27

Maybe the solution posted here or here can help you

In your security configuration you add this lines:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.
      //....
     and().
    .anonymous().disable()
    .exceptionHandling()
    .authenticationEntryPoint(new org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint("YourValue"));
}

and it will return HTTP 401:

Status Code: 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: 0
//... other header values
WWW-Authenticate: YourValue

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Intercept SSLHandshakeException in Spring boot SSLHandshakeException: Certificate Unknown (Java Spring Boot & Android) I got the SSLHandshakeException by using Spring Boot Mail Sender ControllerAdvice cannot catch custom exception in Spring Boot Adding Code Coverage for catch block in Spring boot How to catch a NumberFormatException for a property in Spring-Boot? Catch link preview request in Spring Boot AspectJ Spring Boot catch method with boolean parameter Spring boot catch exception to autoReconnect MYSQL How to catch Bad Request in Spring Boot
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM