I have a web application with Spring Security enabled, deployed on WLP, that connects to LDAP over SSL. I specified the trustStore and its password in the jvm.options file as follows:

-Djavax.net.ssl.trustStore=path/to/keystore
-Djavax.net.ssl.trustStorePassword=password


My server.xml looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<server description="new server">
  <!-- Enable features -->
  <featureManager>
    <feature>jsp-2.2</feature>
    <feature>ssl-1.0</feature>
    <feature>localConnector-1.0</feature>
  </featureManager>

  <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443" />
  <keyStore id="defaultKeyStore" location="/path/to/identity.jks" password="password" provider="SUN" />
  <webContainer deferServletLoad="false" />
  <application id="appId" location="/path/to/app.war" name="app" type="war" />
</server>


But I get the following exception:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


I tried the same truststore with a standalone Java program and it works. Any help is appreciated.

Note: if I include the trusted CA in identity.jks, it works.

Thanks
Murali

Best answer

Your identity.jks is not recognized because it is not associated with the HTTP endpoint. There is no need to use the JSSE system properties, because the truststore can also be defined there. You did not mention the WLP version. For 8.5, see here: http://www-01.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/rwlp_ssl.html

(The WebSphere Application Server Developer Tools for Eclipse provide a user interface for editing server.xml.)

Your server.xml should look like this:

<?xml version="1.0" encoding="UTF-8" ?>
<server description="new server">
  <!-- Enable features -->
  <featureManager>
    <feature>jsp-2.2</feature>
    <feature>ssl-1.0</feature>
    <feature>localConnector-1.0</feature>
  </featureManager>

  <!-- The server's own identity (private key + certificate) and, separately, the CAs it trusts -->
  <keyStore id="keyStore" location="/path/to/identity.jks" password="keyStorePassword" type="jks" />
  <keyStore id="trustStore" location="/path/to/truststore.jks" password="trustStorePassword" type="jks" />

  <!-- Make the SSL configuration below the server-wide default -->
  <sslDefault sslRef="defaultSSLConfig" />

  <!-- Wire the keystore and the truststore into one SSL configuration -->
  <ssl id="defaultSSLConfig" keyStoreRef="keyStore" serverKeyAlias="serverKeyAlias" trustStoreRef="trustStore" />

  <!-- Bind the HTTPS port to that SSL configuration -->
  <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443">
    <sslOptions sslRef="defaultSSLConfig"></sslOptions>
  </httpEndpoint>
  <webContainer deferServletLoad="false" />
  <application id="appId" location="/path/to/app.war" name="app" type="war" />
</server>

10-07 13:24
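The point of the answer is that a keystore file only matters once an <ssl> element names it and that <ssl> element is the one the server actually selects. The script below is an added example, not code from the question, the answer or IBM: it resolves, from a server.xml text alone, which files end up as the default SSL configuration's keystore and truststore and flags dangling or unreferenced stores. Two things in it are assumptions rather than facts taken from the page: that with no explicit <ssl id="defaultSSLConfig"> Liberty builds one from <keyStore id="defaultKeyStore"> and uses that file as both keystore and truststore (which would also explain why the question's setup started working once the CA was added to identity.jks), and the jvm.options finding, which only restates the answer's advice that the JSSE properties are not what the <ssl> element consults. The two sample configurations and the jvm.options lines are constructed inline from the post.

```python
"""Resolve which keystore and truststore a Liberty server.xml actually wires
into its default SSL configuration, and flag dead or dangling references.

Stdlib only; runs offline on the XML text."""
import xml.etree.ElementTree as ET

# Constructed sample 1: the questioner's server.xml (keyStore declared, no <ssl>).
BROKEN_XML = """<?xml version="1.0" encoding="UTF-8"?>
<server description="new server">
  <featureManager><feature>ssl-1.0</feature></featureManager>
  <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443" />
  <keyStore id="defaultKeyStore" location="/path/to/identity.jks" password="password" provider="SUN" />
</server>
"""

# Constructed sample 2: the accepted answer's server.xml (explicit wiring).
FIXED_XML = """<?xml version="1.0" encoding="UTF-8"?>
<server description="new server">
  <featureManager><feature>ssl-1.0</feature></featureManager>
  <keyStore id="keyStore" location="/path/to/identity.jks" password="keyStorePassword" type="jks" />
  <keyStore id="trustStore" location="/path/to/truststore.jks" password="trustStorePassword" type="jks" />
  <sslDefault sslRef="defaultSSLConfig" />
  <ssl id="defaultSSLConfig" keyStoreRef="keyStore" serverKeyAlias="serverKeyAlias" trustStoreRef="trustStore" />
  <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443">
    <sslOptions sslRef="defaultSSLConfig" />
  </httpEndpoint>
</server>
"""

# Constructed sample: the questioner's jvm.options lines.
JVM_OPTIONS = ["-Djavax.net.ssl.trustStore=path/to/keystore",
               "-Djavax.net.ssl.trustStorePassword=password"]


def resolve_default_ssl(xml_text, jvm_options=()):
    """Return {"ssl_id", "keystore", "truststore", "findings"} for the default SSL config."""
    root = ET.fromstring(xml_text)
    stores = {ks.get("id"): ks.get("location") for ks in root.iter("keyStore")}
    ssl_configs = {s.get("id"): s for s in root.iter("ssl")}
    findings = []

    # Which <ssl> is the default? <sslDefault sslRef> wins; otherwise the id
    # "defaultSSLConfig" is assumed (modelled on Liberty's documented default id).
    default_id = "defaultSSLConfig"
    for d in root.iter("sslDefault"):
        default_id = d.get("sslRef") or default_id

    # Endpoint-level references must point at a real <ssl> element.
    for ep in root.iter("httpEndpoint"):
        for opt in ep.iter("sslOptions"):
            ref = opt.get("sslRef")
            if ref and ref not in ssl_configs:
                findings.append(f"httpEndpoint '{ep.get('id')}' references missing <ssl id='{ref}'>")

    ssl = ssl_configs.get(default_id)
    if ssl is not None:
        key_ref = ssl.get("keyStoreRef")
        # No trustStoreRef means the keystore doubles as the truststore.
        trust_ref = ssl.get("trustStoreRef") or key_ref
    elif default_id == "defaultSSLConfig" and "defaultKeyStore" in stores:
        # Assumption: with no explicit <ssl id="defaultSSLConfig">, Liberty builds one
        # from <keyStore id="defaultKeyStore"> and uses it as keystore AND truststore.
        key_ref = trust_ref = "defaultKeyStore"
        findings.append("no explicit <ssl id='defaultSSLConfig'>: implicit default uses "
                        "defaultKeyStore as both keystore and truststore")
    else:
        findings.append(f"no default SSL configuration '{default_id}' can be resolved")
        return {"ssl_id": default_id, "keystore": None, "truststore": None, "findings": findings}

    for attr, ref in (("keyStoreRef", key_ref), ("trustStoreRef", trust_ref)):
        if ref not in stores:
            findings.append(f"{attr}='{ref}' matches no <keyStore id>")

    # Stores referenced by no <ssl> element at all are never consulted.
    referenced = {key_ref, trust_ref}
    for s in ssl_configs.values():
        referenced.update(r for r in (s.get("keyStoreRef"), s.get("trustStoreRef")) if r)
    for unused in sorted(set(stores) - referenced):
        findings.append(f"<keyStore id='{unused}'> is referenced by no <ssl> element")

    # JSSE properties in jvm.options do not change which store the <ssl> element names
    # (assumption, following the answer's advice that the properties are not needed).
    if any(o.startswith("-Djavax.net.ssl.trustStore=") for o in jvm_options):
        findings.append("jvm.options sets javax.net.ssl.trustStore; the <ssl> configuration names "
                        f"'{stores.get(trust_ref)}' as the truststore, so the LDAP CA must be there")

    return {"ssl_id": default_id, "keystore": stores.get(key_ref),
            "truststore": stores.get(trust_ref), "findings": findings}


if __name__ == "__main__":
    for name, xml in (("questioner", BROKEN_XML), ("answer", FIXED_XML)):
        r = resolve_default_ssl(xml, JVM_OPTIONS)
        print(name, "-> truststore:", r["truststore"])
        for f in r["findings"]:
            print("  -", f)
```

Run against the question's configuration the effective truststore resolves to identity.jks itself, which is the file the questioner had to add the CA to; against the answer's configuration it resolves to truststore.jks with no findings, so that is where the LDAP server's CA chain has to live.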