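HTTPS requests with RestTemplate

Today in a project I was calling an HTTPS endpoint with Spring's RestTemplate and it suddenly stopped working. I remember it was fine last time, so I suspected a certificate problem. I found a solution online that solved it perfectly, so I am recording it here, along with the RestTemplate usage involved.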

2020-04-17 18:46:54.859 ERROR 9 --- [p-nio-80-exec-7] o.a.c.c.C.[.[.[.[dispatcherServlet]      : Servlet.service() for servlet [dispatcherServlet] in context with path [/info] threw exception [Request processing failed; nested exception is org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://sso.bjou.edu.cn/oauth/token": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] with root cause 

Form submission with RestTemplate

Here is the code snippet, for reference only.

        MultiValueMap<String, String> map = new LinkedMultiValueMap<String, String>();
        map.add("client_id", filterProperties.getClientId());
        map.add("client_secret", filterProperties.getClientSecret());
        map.add("grant_type", "authorization_code");
        map.add("redirect_uri", filterProperties.getRedirectUri());
        map.add("code", code);

        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<MultiValueMap<String, String>>(map, headers);

        ResponseEntity<Map> response = restTemplate.postForEntity(tokenUrl(), request, Map.class);

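Calling HTTPS with RestTemplate

Note in particular that not every HTTPS request produces the error below. I suspect it is related to the certificate, but I have not verified this. The exception and the code snippet are as follows.

  • Exception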
2020-04-17 18:46:54.859 ERROR 9 --- [p-nio-80-exec-7] o.a.c.c.C.[.[.[.[dispatcherServlet]      : 
Servlet.service() for servlet [dispatcherServlet] in context with path [/info] threw exception [Request processing failed; nested exception is 
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://xxx/oauth/token": 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] with root cause 
  • Code snippet
    this.restTemplate = new RestTemplate(generateHttpRequestFactory());
    private HttpComponentsClientHttpRequestFactory generateHttpRequestFactory() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        // This TrustStrategy returns true for every chain, so any certificate
        // (self-signed, expired, issued by an unknown CA) is accepted.
        TrustStrategy acceptingTrustStrategy = (x509Certificates, authType) -> true;
        SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
        // NoopHostnameVerifier also skips the check that the certificate matches the host name.
        SSLConnectionSocketFactory connectionSocketFactory = new SSLConnectionSocketFactory(sslContext,
                new NoopHostnameVerifier());

        HttpClientBuilder httpClientBuilder = HttpClients.custom();
        httpClientBuilder.setSSLSocketFactory(connectionSocketFactory);
        CloseableHttpClient httpClient = httpClientBuilder.build();
        HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
        factory.setHttpClient(httpClient);
        return factory;
    }
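
The PKIX error means the JVM could not build a chain from the server certificate to a CA in its trust store. The snippet above removes the error by accepting every certificate and every host name, so the POST carrying `client_secret` and `code` is no longer protected against interception. The following is an added example, not code from the original post, that instead trusts a specific CA and keeps host name verification; the class name, trust store file and password are assumptions.

```java
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

import javax.net.ssl.SSLContext;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;

/**
 * Hypothetical helper (not part of the original class): builds a RestTemplate
 * that validates the server chain against an explicit trust store.
 *
 * The trust store is assumed to contain the CA that issued the OAuth2 server's
 * certificate, imported for example with (placeholder names):
 *   keytool -importcert -alias sso-ca -file ca.pem -keystore truststore.jks
 */
public class TrustStoreRestTemplateFactory {

    public static RestTemplate create(File trustStore, char[] password)
            throws GeneralSecurityException, IOException {
        // Only the CAs in this file are trusted; no TrustStrategy override is passed,
        // so normal PKIX chain validation still runs.
        SSLContext sslContext = SSLContexts.custom()
                .loadTrustMaterial(trustStore, password)
                .build();

        // The one-argument constructor uses HttpClient's default hostname verifier,
        // so the certificate must match the host in the request URL.
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);

        CloseableHttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(socketFactory)
                .build();

        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }
}
```

With this factory a certificate that does not chain to the imported CA still fails with the same `SSLHandshakeException`, which is the intended behaviour.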

The complete class is attached below

import lombok.extern.slf4j.Slf4j;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;

import javax.net.ssl.SSLContext;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

/**
 * OAuth2 client
 *
 * @author songhuiqing
 */
@Slf4j
@Configuration
public class Oauth2ClientConfiguration {

    FilterProperties filterProperties;

    private RestTemplate restTemplate;

    public Oauth2ClientConfiguration(RestTemplate restTemplate, FilterProperties filterProperties) {
        String oauth2Server = filterProperties.getOauth2Server();
        if (!StringUtils.isEmpty(oauth2Server) && oauth2Server.startsWith("https")) {
            try {
                this.restTemplate = new RestTemplate(generateHttpRequestFactory());
            } catch (Exception e) {
                log.error("init restTemplate error, {}", e.getMessage());
                throw new RuntimeException("init restTemplate error", e);
            }
        } else {
            this.restTemplate = new RestTemplate();
        }

        this.filterProperties = filterProperties;
    }


    public OAuth2AccessToken getAccessToken(String code) {

        MultiValueMap<String, String> map = new LinkedMultiValueMap<String, String>();
        map.add("client_id", filterProperties.getClientId());
        map.add("client_secret", filterProperties.getClientSecret());
        map.add("grant_type", "authorization_code");
        map.add("redirect_uri", filterProperties.getRedirectUri());
        map.add("code", code);

        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<MultiValueMap<String, String>>(map, headers);

        ResponseEntity<Map> response = restTemplate.postForEntity(tokenUrl(), request, Map.class);
        if (response.getStatusCode().is2xxSuccessful()) {
            return DefaultOAuth2AccessToken.valueOf(response.getBody());
        }
        throw new RuntimeException(String.format("认证服务异常, 返回状态为: %s, 原因: %s",
                response.getStatusCodeValue(),
                response.getBody()));
    }

    public String getUserName(String accessToken) {

        ResponseEntity<Map> response = restTemplate.postForEntity(userUrl(accessToken), null, Map.class);
        if (response.getStatusCode().is2xxSuccessful()) {
            return (String) response.getBody().get("username");
        }
        throw new RuntimeException(String.format("认证服务异常, 返回状态为: %s, 原因: %s",
                response.getStatusCodeValue(),
                response.getBody()));
    }

    private String tokenUrl() {
        return filterProperties.getOauth2Server() + "/oauth/token";
    }

    private String userUrl(String accessToken) {
        // The access token travels in the query string, so it can end up in server and proxy access logs.
        return filterProperties.getOauth2Server() + "/userinfo?access_token=" + accessToken;
    }


    private HttpComponentsClientHttpRequestFactory generateHttpRequestFactory() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        // This TrustStrategy returns true for every chain, so any certificate
        // (self-signed, expired, issued by an unknown CA) is accepted.
        TrustStrategy acceptingTrustStrategy = (x509Certificates, authType) -> true;
        SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
        // NoopHostnameVerifier also skips the check that the certificate matches the host name.
        SSLConnectionSocketFactory connectionSocketFactory = new SSLConnectionSocketFactory(sslContext,
                new NoopHostnameVerifier());

        HttpClientBuilder httpClientBuilder = HttpClients.custom();
        httpClientBuilder.setSSLSocketFactory(connectionSocketFactory);
        CloseableHttpClient httpClient = httpClientBuilder.build();
        HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
        factory.setHttpClient(httpClient);
        return factory;
    }
}
