Spring Security: self-signed certificate on the OAuth2 client provider issuer-uri

Tags: spring-security, keycloak, self-signed-certificate

I am trying to create a sample Spring Boot client application that accesses a Keycloak-secured REST service.

As almost every tutorial says, spring.security.oauth2.client should be defined. Here is mine:

spring:
  security:
    oauth2:
      client:
        registration:
          keycloak:
            client-id: my-id
            client-secret: my-secret
            authorization-grant-type: client_credentials
        provider:
          keycloak:
            issuer-uri: https://myhost/auth/realms/master
But the Keycloak test server on myhost has a self-signed certificate, so when the application starts I get the following:

Caused by: java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "https://myhost/auth/realms/master"
    at org.springframework.security.oauth2.client.registration.ClientRegistrations.getConfiguration(ClientRegistrations.java:177)
    at org.springframework.security.oauth2.client.registration.ClientRegistrations.fromIssuerLocation(ClientRegistrations.java:140)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getBuilderFromIssuerIfPossible(OAuth2ClientPropertiesRegistrationAdapter.java:83)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistration(OAuth2ClientPropertiesRegistrationAdapter.java:59)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.lambda$getClientRegistrations$0(OAuth2ClientPropertiesRegistrationAdapter.java:53)
    at java.util.HashMap.forEach(HashMap.java:1289)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(OAuth2ClientPropertiesRegistrationAdapter.java:52)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration.clientRegistrationRepository(OAuth2ClientRegistrationRepositoryConfiguration.java:49)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
    ... 74 common frames omitted
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://myhost/auth/realms/master/.well-known/openid-configuration": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:751)
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:654)
    at org.springframework.security.oauth2.client.registration.ClientRegistrations.getConfiguration(ClientRegistrations.java:170)
    ... 86 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

How can I disable certificate validation when the application starts?

If you get an error like the one below when trying to connect to Keycloak from a REST API client or any web application, check the following.

Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

It is telling you that the certificate has not been added to the Java keystore, or that the wrong certificate was added to the keystore.

Since the endpoint you specified uses https, the certificate must be imported/added into the Java keystore.

You must import the certificate on the client machine.

Import the certificate on the client machine:

 keytool -import -noprompt -trustcacerts -alias "initcert" -file keycloak.cer -keystore "C:\Program Files\Java\jdk1.8.0_152\jre\lib\security\cacerts"

Default password of the Java keystore:
changeit


Please import/add the Keycloak certificate into the Java keystore, it will definitely work.

@SubodhJoshi Do you mean the cacerts keystore in jre/lib/security? It requires a password, but I don't know it.
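The question asks how to switch certificate validation off, and the answer fixes the PKIX error by importing the Keycloak certificate into the JDK-wide cacerts file. Neither is what a security engineer would ship: disabling validation leaves the client_credentials flow (and the client secret it sends) open to an on-path attacker, and writing into the JDK's own cacerts changes trust for every application on that JDK and is lost on the next JDK upgrade. The example below is an added illustration, not code from the question or the answer. It builds a dedicated PKCS12 truststore that trusts exactly one certificate, checks the certificate's SHA-256 fingerprint against the value read off the Keycloak server before trusting it (the "wrong certificate added" case the answer mentions), and then performs the same GET on /.well-known/openid-configuration that ClientRegistrations.fromIssuerLocation performs at startup, over an SSLContext backed by that truststore. The file names, the expected fingerprint, the alias and the TRUSTSTORE_PASSWORD environment variable are assumptions; it needs Java 17 or later for java.util.HexFormat.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HexFormat;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Added example (not from the original post): trust one self-signed Keycloak
 *  certificate through a dedicated truststore instead of disabling validation
 *  or editing the JDK-wide cacerts. */
public class KeycloakTrustStoreCheck {

    // Assumed paths and values: the PEM/DER file exported from the Keycloak test
    // server, the SHA-256 fingerprint read from the server side (for example
    // `openssl x509 -in keycloak.cer -noout -fingerprint -sha256`), the issuer
    // from the question, and where to write the new truststore.
    static final String PEM_PATH = "keycloak.cer";
    static final String EXPECTED_SHA256 = "<paste the server-side fingerprint here>";
    static final String ISSUER = "https://myhost/auth/realms/master";
    static final String TRUSTSTORE_PATH = "keycloak-truststore.p12";

    /** Parse the exported certificate (CertificateFactory accepts PEM or DER). */
    static X509Certificate loadCert(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    /** SHA-256 over the DER encoding, printed as keytool and openssl print it (AA:BB:...). */
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        return HexFormat.ofDelimiter(":").withUpperCase().formatHex(digest);
    }

    /** A PKCS12 truststore containing this one certificate and nothing else. */
    static KeyStore truststoreFor(X509Certificate cert, char[] password, String path) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);                      // start empty
        ks.setCertificateEntry("keycloak-test", cert);
        try (FileOutputStream out = new FileOutputStream(path)) {
            ks.store(out, password);
        }
        return ks;
    }

    /** SSLContext whose trust manager consults only the given truststore. */
    static SSLContext sslContextFor(KeyStore truststore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(truststore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** The same discovery GET the Spring Boot OAuth2 client issues at startup.
     *  A PKIX failure surfaces here as SSLHandshakeException from getResponseCode(). */
    static int probeDiscovery(String issuer, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection)
                URI.create(issuer + "/.well-known/openid-configuration").toURL().openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());   // default HostnameVerifier stays in place
        conn.setRequestMethod("GET");
        return conn.getResponseCode();
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert = loadCert(PEM_PATH);
        String fp = sha256Fingerprint(cert);
        if (!fp.equalsIgnoreCase(EXPECTED_SHA256)) {
            throw new IllegalStateException("refusing to trust: fingerprint mismatch, got " + fp);
        }
        char[] pw = System.getenv("TRUSTSTORE_PASSWORD").toCharArray();   // assumed env var
        KeyStore ks = truststoreFor(cert, pw, TRUSTSTORE_PATH);
        int status = probeDiscovery(ISSUER, sslContextFor(ks));
        System.out.println("discovery endpoint answered HTTP " + status + " over a verified TLS connection");
    }
}
```

The same one-entry truststore can be produced without code using `keytool -importcert -file keycloak.cer -alias keycloak-test -keystore keycloak-truststore.p12 -storetype PKCS12`; either way, compare the fingerprint keytool prints before confirming. To make the startup discovery in the question succeed, point the JVM at that file with `-Djavax.net.ssl.trustStore=keycloak-truststore.p12 -Djavax.net.ssl.trustStorePassword=... -Djavax.net.ssl.trustStoreType=PKCS12`; the default RestTemplate used by ClientRegistrations goes through HttpsURLConnection and honours those properties. Two caveats: those properties replace the JDK's cacerts for that JVM, so any other TLS peer the application talks to must also be in the file (or import into a copy of cacerts rather than the JDK's own); and the self-signed certificate must carry `myhost` as a Subject Alternative Name, because hostname verification is kept on and a name mismatch fails just as a PKIX error would.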