[英]Spring cloud gateway resource server: No subject alternative names present
我們的spring cloud網關被配置為keycloak和訪問控制中令牌驗證的資源服務器,我們的keycloak實例在https上運行(用於ldap連接),當我嘗試使用令牌向網關發送請求時,出現錯誤:`由:javax.net.ssl.SSLHandshakeException:沒有主題替代名稱'。
在密鑰斗篷身份驗證的開發過程中,我必須使用哪些選項來禁用證書和主題備用名稱檢查? 感謝您的任何建議。
好的,我忘記了這個問題,但我現在有簡單的解決方案。 看起來只是一個開發解決方案。
@Configuration
@Slf4j
@ConditionalOnProperty("spring.security.oauth2.resourceserver.jwt.jwk-set-uri")
public class SslResolverConfig {
@Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
private String issuerUri;
@Bean
public ReactiveJwtDecoder reactiveJwtDecoder() {
log.debug("ISSUE uri {}", issuerUri);
var jvmBlockingResolver = createHttpClient();
var connector = new ReactorClientHttpConnector(jvmBlockingResolver);
var webClient = WebClient
.builder()
.clientConnector(connector)
.build();
return NimbusReactiveJwtDecoder
.withJwkSetUri(issuerUri)
.webClient(webClient)
.build();
}
@SneakyThrows
public HttpClient createHttpClient() {
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
SslContext sslContext = SslContextBuilder
.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.build();
return HttpClient.create()
.secure(t -> t.sslContext(sslContext))
.wiretap("LoggingFilter", LogLevel.INFO, AdvancedByteBufFormat.TEXTUAL);
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.