2

I am using a Vault server in my Spring project, and when I try to build a jar file with Maven, I get this error.

 .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.3.1.RELEASE)

2020-07-11 12:49:59.901  WARN 33652 --- [           main] o.s.v.a.LifecycleAwareSessionManager     : Cannot enhance VaultToken to a LoginToken: Token self-lookup failed; nested exception is org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://development:8200/v1/auth/token/lookup-self": extension (5) should not be presented in certificate_request; nested exception is javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
2020-07-11 12:49:59.955  WARN 33652 --- [           main] LeaseEventPublisher$LoggingErrorListener : [RequestedSecret [path='secret/inquiry/dev', mode=ROTATE]] Lease [leaseId='null', leaseDuration=PT0S, renewable=false] I/O error on GET request for "https://development:8200/v1/secret/inquiry/dev": extension (5) should not be presented in certificate_request; nested exception is javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request

org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://development:8200/v1/secret/inquiry/dev": extension (5) should not be presented in certificate_request; nested exception is javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:748) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:674) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:315) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.springframework.vault.core.VaultTemplate.lambda$doRead$5(VaultTemplate.java:401) ~[spring-vault-core-2.2.0.RELEASE.jar:2.2.0.RELEASE]
    at org.springframework.vault.core.VaultTemplate.doWithSession(VaultTemplate.java:388) ~[spring-vault-core-2.2.0.RELEASE.jar:2.2.0.RELEASE]
    at org.springframework.vault.core.VaultTemplate.doRead(VaultTemplate.java:398) ~[spring-vault-core-2.2.0.RELEASE.jar:2.2.0.RELEASE]
    at org.springframework.vault.core.VaultTemplate.read(VaultTemplate.java:290) ~[spring-vault-core-2.2.0.RELEASE.jar:2.2.0.RELEASE]
    at org.springframework.vault.core.lease.SecretLeaseContainer.doGetSecrets(SecretLeaseContainer.java:662) ~[spring-vault-core-2.2.0.RELEASE.jar:2.2.0.RELEASE]
    at org.springframework.vault.core.lease.SecretLeaseContainer.start(SecretLeaseContainer.java:396) ~[spring-vault-core-2.2.0.RELEASE.jar:2.2.0.RELEASE]
    at org.springframework.vault.core.lease.SecretLeaseContainer.addRequestedSecret(SecretLeaseContainer.java:355) ~[spring-vault-core-2.2.0.RELEASE.jar:2.2.0.RELEASE]
    at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.loadProperties(LeaseAwareVaultPropertySource.java:184) ~[spring-vault-core-2.2.0.RELEASE.jar:2.2.0.RELEASE]
    at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.<init>(LeaseAwareVaultPropertySource.java:169) ~[spring-vault-core-2.2.0.RELEASE.jar:2.2.0.RELEASE]
    at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.<init>(LeaseAwareVaultPropertySource.java:122) ~[spring-vault-core-2.2.0.RELEASE.jar:2.2.0.RELEASE]
    at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:157) ~[spring-cloud-vault-config-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    

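I searched online and found that there is a bug in Java 11, but I am using Java 14. Also, when I add the -Djdk.tls.client.protocols=TLSv1.2 option to my pom file, the exception does not change. Here is my pom.xml file: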

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.1.RELEASE</version>
        <relativePath/>
    </parent>
    <groupId>ir.co.isc.sepam</groupId>
    <artifactId>inquiry</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>inquiry</name>

    <properties>
        <java.version>14</java.version>
        <maven.compiler.source>14</maven.compiler.source>
        <maven.compiler.target>14</maven.compiler.target>
        <spring-cloud.version>Hoxton.SR6</spring-cloud.version>
        <!--<jvm.options>-Dmaven.wagon.http.ssl.insecure=true</jvm.options>-->
        <!--<jvm.options>-Djdk.tls.client.protocols=TLSv1.2</jvm.options>-->
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-vault-config</artifactId>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
<!--                <configuration>
                    <jvmArguments>${jvm.options}</jvmArguments>
                </configuration>-->
            </plugin>
        </plugins>
    </build>

</project>
4

1 Answer

1

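The default vault server -dev (developer) setup does not use HTTPS, so you need to configure your Vault endpoint to point to the correct URI, or read the VAULT_ADDR environment variable, which spring-vault does not seem to use.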

    @Override
    public VaultEndpoint vaultEndpoint() {
        return VaultEndpoint.from(URI.create("http://localhost:8200/v1"));
    }

For KV version 2, you also need to use a different path (/data/).

    vault kv put secret/secret1 lanId=password
    vault kv put secret/secret2 lanId=password

... accessed by /v1/secret/data/secret1 and /v1/secret/data/secret2

    VaultResponse response = operations.read("secret/data/secret1");
    if (response == null) {
      ... 
    }

Answered 2020-10-23T06:23:29.897
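
As an added example (not part of the original answer and not spring-vault's own code), a configuration class that reads VAULT_ADDR explicitly and uses the KV v2 operations wrapper, so the client inserts the /data/ segment itself. The class name `VaultConfig`, the helpers `resolveVaultAddr` and `readKv2`, the use of a `VAULT_TOKEN` variable and the rule that plain HTTP is accepted only for a loopback dev server are assumptions made for illustration.

```java
import java.net.URI;

import org.springframework.context.annotation.Configuration;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;
import org.springframework.vault.core.VaultKeyValueOperationsSupport.KeyValueBackend;
import org.springframework.vault.core.VaultOperations;
import org.springframework.vault.support.VaultResponse;

@Configuration
public class VaultConfig extends AbstractVaultConfiguration {

    // Hypothetical helper: take the address from VAULT_ADDR, falling back to
    // the dev-server default when the variable is unset.
    static URI resolveVaultAddr(String vaultAddr) {
        boolean unset = vaultAddr == null || vaultAddr.isBlank();
        URI uri = URI.create(unset ? "http://127.0.0.1:8200" : vaultAddr);
        String host = uri.getHost();
        boolean loopback = "localhost".equals(host) || "127.0.0.1".equals(host);
        // Assumption: plain HTTP is tolerated only for a local dev server,
        // so a token is never sent in clear text across the network.
        if ("http".equals(uri.getScheme()) && !loopback) {
            throw new IllegalStateException("Refusing plaintext Vault endpoint: " + uri);
        }
        return uri;
    }

    @Override
    public VaultEndpoint vaultEndpoint() {
        // With no path in the URI, VaultEndpoint keeps its default "v1" path.
        return VaultEndpoint.from(resolveVaultAddr(System.getenv("VAULT_ADDR")));
    }

    @Override
    public ClientAuthentication clientAuthentication() {
        // Assumption: VAULT_TOKEN is set, e.g. to the dev server's root token.
        return new TokenAuthentication(System.getenv("VAULT_TOKEN"));
    }

    // Hypothetical helper: readKv2(ops, "secret", "secret1") requests
    // /v1/secret/data/secret1; the result is null when the secret is absent.
    static VaultResponse readKv2(VaultOperations operations, String mount, String path) {
        return operations.opsForKeyValue(mount, KeyValueBackend.KV_2).get(path);
    }
}
```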