我有一个使用 Spring Boot 实现的微服务(最初从 2.0.6 开始,现在是 2.1.8(,它使用端口 8080 运行良好。 现在我必须切换到TLS才能让(REST(服务使用HTTPS作为网络钩子工作,但我总是得到
2020-01-02 17:14:38.929 DEBUG [-,,,] 19072 --- [ main] o.s.b.d.LoggingFailureAnalysisReporter : Application failed to start due to an exception
org.springframework.boot.web.embedded.tomcat.ConnectorStartFailedException: Connector configured to listen on port 8444 failed to start
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.checkConnectorHasStarted(TomcatWebServer.java:228)
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.checkThatConnectorsHaveStarted(TomcatWebServer.java:220)
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:200)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:744)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:391)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:312)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1204)
at de.mediciliving.cloud.crm.CrmServiceApplication.main(CrmServiceApplication.java:21)
2020-01-02 17:14:38.930 ERROR [-,,,] 19072 --- [ main] o.s.b.d.LoggingFailureAnalysisReporter :
***************************
APPLICATION FAILED TO START
***************************
Description:
The Tomcat connector configured to listen on port 8444 failed to start. The port may already be in use or the connector may be misconfigured.
Action:
Verify the connector's configuration, identify and stop any process that's listening on port 8444, or configure this application to listen on another port.
我在 Spring Boot 中使用自签名证书遵循 HTTPS 来创建密钥库:
keytool -genkeypair -alias MyAlias -keystore keystore.p12 -storetype PKCS12 -keyalg RSA -storepass xxxxxx -validity 730 -keysize 2048
在我的application.properties中,我定义了这个:
server.ssl.enabled=true
server.port=${APPLICATION_PORT:8443}
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:keystore/keystore.p12
# The password used to generate the certificate
server.ssl.key-store-password=xxxxxx
#server.ssl.key-password=xxxxxx
# The format used for the keystore.
#server.ssl.key-store-type=JKS
#server.ssl.key-store-type=PKCS12
server.ssl.key-alias=MyAlias
我没有其他服务在该端口上运行侦听,我什至重新启动了 IntelliJ 以确保没有正在运行/侦听的服务。
我已经在网上搜索了几天了,但我仍然无法使用HTTPS运行我的服务。错误消息告诉我没有任何帮助。由于没有其他正在运行的服务,因此它必须是配置,但我不知道究竟是什么导致了此错误。
在POM中,我有:
<spring.boot.version>2.1.8.RELEASE</spring.boot.version>
<tomcat.version>9.0.27</tomcat.version>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.2.2.RELEASE</version>
</dependency>
...I found something to exclude binary resource files from filtering, so I considered it in the POM as well...
<excludes>
<exclude>**/resources/**/*.p12</exclude>
</excludes>
我尝试了几个端口,如 443、8443、8082、...并且还使用不同的证书格式(PKCS12 和 JKS(但没有成功。
当我做keytool.exe -keystore keystore.p12 -storepass xxxxxx -list -storetype pkcs12
我得到:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
MyAlias, 02.01.2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 50:F3:52:68:4D:13:D9:C7:72:8E:9F:E9:60:40:DB:88:4D:1F:E8:75:2B:0A:08:C5:E2:F5:FA:D0:D7:0B:73:EB
也许我的服务中有此配置对您有所帮助:
@Configuration
@EnableResourceServer
@EnableWebSecurity
@EnableOAuth2Sso
public class SecurityConfig extends /*WebSecurityConfigurerAdapter*/ ResourceServerConfigurerAdapter {
private static final String[] WHITELIST = {
"/swagger-resources/**",
"/swagger-ui.html",
"/v2/api-docs",
"/webjars/**",
"/error*",
"/health"
};
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers(WHITELIST).permitAll();
// http.authorizeRequests().anyRequest().fullyAuthenticated();
http.authorizeRequests().anyRequest().permitAll();
// disables Cross-Site Request Forgery protection and CORS protection
http.csrf().disable();
http.cors();
}
@Bean
RequestContextListener requestContextListener() {
return new RequestContextListener();
}
@Bean
public FilterRegistrationBean simpleCorsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
return bean;
}
}
Considering that you have added the JKS to your Java cacerts in your system.Below are the steps using JKS for enabling https.
Step 1 : (Changes to application.properties)
server.port: 443
server.ssl.key-store: jks_file_path
server.ssl.key-store-password: ********
server.ssl.keyStoreType: JKS
Step 2 : Go to your run /debug configuration and use below in VM options.
-Djavax.net.ssl.trustStore= cacert_file_path
-Djavax.net.ssl.trustStorePassword=changeit
-Djavax.net.debug=ssl:handshake
-Dspring.profiles.active=dev (optional if you have profiling enabled)
enter code here
Step 3 : Start application.
Hope it will work.