我正在使用 Spring 3.2.11.RELEASE 和 Spring Security 3.1.4.RELEASE。我想在我的 Web 应用程序中配置一个 keystone,以便我可以使用 Apache httpclient 库进行 HTTPS 调用。我想在我的 Web 应用程序中通过 XML 进行此配置,而不是将证书添加到 Java 的 cacerts 文件中。在我的应用程序上下文文件中,我尝试添加
<bean id="systemPrereqs"
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="targetObject" value="#{@systemProperties}" />
<property name="targetMethod" value="putAll" />
<property name="arguments">
<!-- The new Properties -->
<util:properties>
<prop key="javax.net.ssl.trustStore">${key.store.file}</prop>
<prop key="javax.net.ssl.trustStorePassword">${key.store.password}</prop>
</util:properties>
</property>
</bean>
但是,“${key.store.file}”是一个相对 URL(文件在我的 WAR 中),所以上面的结果会导致下面的异常……</p>
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) [jsse.jar:1.7.0_80-ea]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904) [jsse.jar:1.7.0_80-ea]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1862) [jsse.jar:1.7.0_80-ea]
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1845) [jsse.jar:1.7.0_80-ea]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1366) [jsse.jar:1.7.0_80-ea]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) [jsse.jar:1.7.0_80-ea]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318) [httpclient-4.3.4.jar 4.3.4]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57) [httpclient-4.3.4.jar:4.3.4]
at org.mainco.subco.lightside.service.LightsideServiceImpl.sendJsonRequestToLightside(LightsideServiceImpl.java:267) [core-84.0.0-SNAPSHOT.jar:]
有什么方法可以在我的应用程序 XML 中配置我的 keystone?如果升级或添加新库有助于解决这个问题,我愿意这样做。谢谢 - 戴夫