我正试图在tomcat 9.0.39上运行的春季启动应用程序中配置HTTPS,但当我在PostmanCanary中执行POST时,我在控制台中收到了这个错误。log:
2020-10-24 16:32:12.339 INFO 22073 --- [nio-8081-exec-4] o.apache.coyote.http11.Http11Processor : Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name [0x160x030x010x000xf70x010x000x000xf30x030x030xb1Z0xba`0xd2q0xb10xa40xcdGk>.H0x190x0f0xe90xe20xeb0xbdJ80xc1l0y0xaa0x050x17'0x060xda]. HTTP method names must be tokens
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:417) ~[tomcat-coyote.jar:9.0.39]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:261) ~[tomcat-coyote.jar:9.0.39]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-coyote.jar:9.0.39]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) ~[tomcat-coyote.jar:9.0.39]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) ~[tomcat-coyote.jar:9.0.39]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.39]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.39]
at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
在PostmanCanary,除了这个tomcat错误,我还收到了这个:
Error: write EPROTO 37322838446536:error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:../../third_party/boringssl/src/ssl/tls_record.cc:242:
我的postMonary在设置中导入了证书客户端证书(我在PFX文件选项中导入了.p12(
我的server.xml有这样的评论:
<!--APR library loader. Documentation at /docs/apr.html
<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>-->
这个:
<Connector port="8081" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12" keystoreFile="/home/...PATH_TO_P12.../base.p12" keystorePass="mypassword" truststoreType="PKCS12" truststoreFile="base.p12" truststorePass="mypassword" />
我的应用程序:
@ComponentScan("com.xxx.base")
@EntityScan("com.xxx.base.domain")
@EnableAutoConfiguration(exclude={DataSourceAutoConfiguration.class,HibernateJpaAutoConfiguration.class})
@SpringBootApplication
public class UserRegistryApplication extends SpringBootServletInitializer{
public static void main(String[] args) {
SpringApplication.run(UserRegistryApplication.class, args);
}
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(UserRegistryApplication.class);
}
}
我的安全配置(我不想验证,这是第一个用户注册表,所以还没有登录,我只想以安全的方式通过我的POST主体和用户密码(
@Configuration
@EnableWebSecurity
public class BasicConfiguration extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic();
}
}
我的application.properties(base.p12在具有属性的资源中(:
server.ssl.key-store-type=PKCS12
server.ssl.key-store=classpath:base.p12
server.ssl.key-store-password=mypassword
server.ssl.key-alias=base
server.ssl.enabled=true
我的控制器:
//POST /User {...} --> create not active User prototype
@PostMapping("/createPrototype")
public ResponseEntity<User> createUserPrototype(@RequestBody User requestUser) throws HttpClientErrorException, URISyntaxException, Exception{
...codes...
}
有人知道我错过了什么吗?
我自己解决了。
首先,我使用以下命令生成了另一个.p12:
openssl req-x509-newkey rsa:4096-keyout base.pem-out base.pem-days 365-nodes
openssl pkcs12-export-out base.p12-inkey base.pem
然后,在我的server.xml中取消注释:
<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
并将他的:
<Connector port="8081" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/home/...PATH_TO_P12.../base.p12"
keystorePass="password" clientAuth="false" sslProtocol="TLS"
keystoreType="PKCS12" />
我的配置现在是这样的:
@Override
protected void configure(HttpSecurity http) throws Exception {
//http.authorizeRequests().anyRequest().authenticated().and()
http.csrf().disable().httpBasic();
}
在我的邮递员中,我禁用了设置上的SSL证书验证
现在运行良好。