由于Cloud Foundry上的SSL错误,JaxB不能解组吗? [英] JaxB not Unmarshalling due to SSL error on cloud foundry?
问题描述
我有一个Web应用程序,使用thymeleaf,springboot,angularjs和oracle sql developer db.
I have an web application, Using thymeleaf, springboot, angularjs, and oracle sql developer db.
在本地,我能够连接并从oracle获取值.但是,当我将应用程序推送到Cloud Foundry时,我的状态为500.
Locally I am able to connect and get values from oracle. But when I push my application to cloud foundry, I am getting status=500.
错误
我要解组的URL具有不受信任的证书(您的连接不受保护)".我将cacerts添加到我的jvm中,这使其可以在本地工作.但是我相信我需要将cacerts添加到Cloud Foundry中.我该怎么做?
The url that I am unmarshalling has a untrusted certificate ("Your connection is not secured)". I added cacerts into my jvm, which allowed it to work locally. but I believe I need to add the cacerts into cloud foundry. How would I be able to do so?
SSL错误
ERR java.net.ConnectException: Connection timed out
ERR at java.net.PlainSocketImpl.socketConnect(Native Method)
ERR at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
ERR at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
ERR at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
ERR at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
ERR at java.net.Socket.connect(Socket.java:589)
ERR at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668)
ERR at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
ERR at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
ERR at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:173)
ERR at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
ERR at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
ERR at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
ERR at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
ERR at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1105)
ERR at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
ERR at rest.springframework.controllers.IndexController.getDetails(IndexController.java:59)
ERR at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
ERR at java.lang.reflect.Method.invoke(Method.java:498)
ERR at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:999)
处于静止状态的ERR.springframework.jaxb.JAXSample.readXML(JAXSample.java:34)
原因
我从应用程序中删除了jaxB解组,并上传到Cloud Foundry中,但我没有获得status = 500.如何添加SSL以防止这种情况发生?
I removed jaxB unmarshalling from my application and uploaded into cloud foundry and I was did not get status=500. How can I add SSL to prevent this from happening?
JaxB示例
public deviceCert readXML(String MAC) throws MalformedURLException {
results customer = null;
deviceCert dcert = null;
String APPKEY = "Production";
try {
JAXBContext jaxbContext = JAXBContext.newInstance(results.class);
//line 34 is below VV.
URL url = new URL("https://untrusted.page.that.I.Am/unmarshalling" + "?mac=" + MAC + "&app_key=" + APPKEY);
HttpURLConnection http = (HttpURLConnection) url.openConnection();
http.addRequestProperty("User-Agent", "Mozilla/4.76");
InputStream is = http.getInputStream();
Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller();
customer = (results) jaxbUnmarshaller.unmarshal(is);
List<deviceCert> dcerts = customer.getDcerts();
dcert = dcerts.get(0);
在此处找到了相关链接
Found related link here
我遵循了 CF CLI SSL ,但这并没有完成技巧.
I followed CF CLI SSL But that did not do the trick.
尝试
- 在我的应用程序中创建了文件夹resources/config/truststore.
- 将Cert.cer添加到truststore文件夹中.
- 将应用程序推送到Cloud Foundry.
- cf set-env我的应用程序JAVA_OPTS'-Djavax.net.ssl.TrustStore = classpath:resources/config/truststore'
相同的错误没有改变.
尝试2
<dependency>
<groupId>io.pivotal.spring.cloud</groupId>
<artifactId>cloudfoundry-certificate-truster</artifactId>
<version>1.0.1.RELEASE</version>
</dependency>
-
增加了依赖性
added dependency
重新打包的应用程序,上传到cf.
Repackaged app, upload to cf.
在Cloud Foundry上添加了环境变量
Added environment variable on cloud foundry
CF_TARGET = https://api.my-cf-domain.com
CF_TARGET=https://api.my-cf-domain.com
//url of my secured/untrusted page
新的StackTrace错误
ERR at java.util.concurrent.FutureTask.get(FutureTask.java:205)
ERR at io.pivotal.springcloud.ssl.SslCertificateTruster.getUntrustedCertificateInternal(SslCertificateTruster.java:90)
ERR at io.pivotal.springcloud.ssl.SslCertificateTruster.getUntrustedCertificate(SslCertificateTruster.java:66)
ERR at io.pivotal.springcloud.ssl.CloudFoundryCertificateTruster.trustCertificatesInternal(CloudFoundryCertificateTruster.java:44)
ERR at io.pivotal.springcloud.ssl.CloudFoundryCertificateTruster.trustCertificates(CloudFoundryCertificateTruster.java:32)
ERR at org.springframework.boot.SpringApplication.createSpringFactoriesInstances(SpringApplication.java:420)
ERR at org.springframework.boot.SpringApplication.getSpringFactoriesInstances(SpringApplication.java:403)
ERR at org.springframework.boot.SpringApplication.getSpringFactoriesInstances(SpringApplication.java:394)
ERR at org.springframework.boot.SpringApplication.initialize(SpringApplication.java:261)
ERR at org.springframework.boot.SpringApplication.<init>(SpringApplication.java:237)
ERR at org.springframework.boot.SpringApplication.run(SpringApplication.java:1175)
ERR at rest.springframework.SpringBootWebApplication.main(SpringBootWebApplication.java:13)
ERR at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
ERR at java.lang.reflect.Method.invoke(Method.java:498)
ERR at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
ERR at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
ERR at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
为什么这项工作可以在本地找到,但不能在云上找到?
Why does this work find locally but not on the cloud?
推荐答案
There are a number of ways to add a CA cert to your container:
https://discuss.pivotal.io/hc/en-us/articles/223454928-How-to-tell-application-containers-running-Java-apps-to-trust-self-signed-certs-or-a-private-internal-CA
最简单的方法可能是使用cf set-env <app> JAVA_OPTS '-Djavax.net.ssl.TrustStore=classpath:resources/config/truststore'或在应用清单中使用"env"属性,将Java VM指向您捆绑在应用中的cacert文件.
The easiest one is probably to point the Java VM to a cacert file you bundle in your app, using cf set-env <app> JAVA_OPTS '-Djavax.net.ssl.TrustStore=classpath:resources/config/truststore' or with the "env" attribute in your app manifest.
这篇关于由于Cloud Foundry上的SSL错误,JaxB不能解组吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
