【发布时间】:2019-12-15 19:12:40
【问题描述】:
我正在尝试使用简单的 JAX-RS 客户端(例如:
public class RandomDataProvider {
private WebTarget webTarget;
@PostConstruct
public void setUp() {
Client client = ClientBuilder.newBuilder()
.connectTimeout(5, TimeUnit.SECONDS)
.readTimeout(5, TimeUnit.SECONDS)
.build();
this.webTarget = client
.target("https://reqres.in/api/users");
}
public JsonArray getAllPosts() {
return this.webTarget
.request()
.accept(MediaType.APPLICATION_JSON)
.get(JsonArray.class);
}
}
但每次我尝试使用 HTTPS 时,我都会得到服务器所在的 SSLHandshakeExeption:无法找到请求目标的有效证书路径:
[ERROR ] SRVE0283E: Exception caught while initializing context: javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://reqres.in/api/users: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.cxf.jaxrs.client.AbstractClient.checkClientException(AbstractClient.java:640)
at [internal classes]
at de.rieckpil.udemy.RandomDataProvider.getAllPosts(RandomDataProvider.java:32)
at de.rieckpil.udemy.RandomDataPrinter.initialize(RandomDataPrinter.java:17)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:95)
at [internal classes]
Caused by (repeated) ... : javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://reqres.in/api/users: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1451)
... 9 more
Caused by: java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.ws.ssl.core.WSX509TrustManager.checkServerTrusted(WSX509TrustManager.java:806)
... 9 more
Dockerfile 如下所示:
FROM open-liberty:microProfile3-java11
COPY --chown=1001:0 target/mywar.war /config/dropins/
我假设这个官方 Docker 映像正在使用 JDK 可信证书,还是我必须在自己的 server.xml 中明确配置它?
【问题讨论】:
-
Liberty 默认不使用 JDK 的可信证书。如果您想使用 cacerts 文件进行信任,则必须对其进行配置。我假设您没有 ssl 配置。要添加 cacerts 文件,您可以添加如下配置:
-
谢谢,解决了这个问题。你想添加一个正式的答案,以便我可以将其标记为正确的答案吗?花了
<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="caTrustStore" /> <keyStore id="caTrustStore" location="${java.home}/lib/security/cacerts" password="changeit" />
标签: java jakarta-ee open-liberty microprofile