How to configure Spring RestTemplate with SSL (in Spring @MVC)

Cha*_*nna 10 spring spring-security resttemplate

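I want to configure the Spring RestTemplate in my Spring @MVC stub application with SSL so that it can communicate with a REST-based HTTPS application deployed on a Tomcat server (Spring 3, Tomcat 7). I have done my work so far by referring to this link. Now I don't have any idea how to use these generated certificates with Spring RestTemplate. If anyone has some idea, please help me. Thanks. Things I have done so far:

// Spring Security XML configuration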

<http>
    <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="https"/>
    <http-basic/>
</http>

// Configuration to enable SSL with Tomcat

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="C:\Users\Channa\.keystore" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLS"/>

For generating the keys, certificates, etc.:

// Generate the client and server keys:

F:\jdk1.6.0_23\bin>keytool -genkey -keystore keystore_client -alias clientKey -dname "CN=localhost, OU=Dev, O=MyBusiness, L=Colombo, S=Westen, C=SL"
F:\jdk1.6.0_23\bin>keytool -genkey -keystore keystore_server -alias serverKey -dname "CN=localhost, OU=Dev, O=MyBusiness, L=Colombo, S=Westen, C=SL"

// Generate the client and server certificates:

F:\jdk1.6.0_23\bin>keytool -export -alias clientKey -rfc -keystore keystore_client > client.cert
F:\jdk1.6.0_23\bin>keytool -export -alias serverKey -rfc -keystore keystore_server > server.cert

// Import the certificates into the corresponding truststores:

F:\jdk1.6.0_23\bin>keytool -import -alias clientCert -file client.cert -keystore truststore_server
F:\jdk1.6.0_23\bin>keytool -import -alias serverCert -file server.cert -keystore truststore_client

// Spring RestTemplate configuration

<!--Http client-->
<bean id="httpClient" class="org.apache.commons.httpclient.HttpClient">
    <constructor-arg ref="httpClientParams"/>
    <property name="state" ref="httpState"/>
</bean>

<!--Http state-->
<bean id="httpState" class="com.org.imc.test.stub.http.CustomHttpState">
    <property name="credentials" ref="usernamePasswordCredentials"/>
</bean>

<!--User name password credentials-->
<bean id="usernamePasswordCredentials" class="org.apache.commons.httpclient.UsernamePasswordCredentials"/>

<!--Http client-->
<bean id="httpClientFactory" class="org.springframework.http.client.CommonsClientHttpRequestFactory">
    <constructor-arg ref="httpClient"/>
</bean>

<!--RestTemplate-->
<bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
    <constructor-arg ref="httpClientFactory"/>
</bean>

// The HTTPS URL to be accessed

ResponseEntity<User> rECreateUser = restTemplate.postForEntity("https://127.0.0.1:8443/skeleton-1.0/login", user, User.class);

// The exception I currently get:

org.springframework.web.client.ResourceAccessException: I/O error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Pet*_*nto 7

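This is because the SSL certificate of the service you are calling is not signed by a trusted certificate authority. The workaround is to import the certificate into the certificate trust store (cacerts) of your JRE.

  1. Download the certificate by opening the URL in a browser and clicking the lock icon in the browser's address bar.
  2. Once you have the .cer file, execute the command below: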

    keytool -import -keystore jdk1.8.0_77/jre/lib/security/cacerts -file ~/test.cer -alias test

  • Is it possible to maintain the client certificate at the application-server level without configuring it at the Java level? (3 upvotes)
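
One way to use the `truststore_client` file generated in the question directly from RestTemplate, instead of changing the JRE-wide cacerts, shown as an added example that is not part of the original question or answer. The class name `TrustStoreRequestFactory` is hypothetical, and the example covers only server-certificate trust, not the HTTP Basic credentials wired into the question's `httpClient` beans.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;

// Hypothetical class (added example): trusts only the certificates in one truststore file.
// Usage: new RestTemplate(new TrustStoreRequestFactory("truststore_client", password))
public class TrustStoreRequestFactory extends SimpleClientHttpRequestFactory {
    private final SSLSocketFactory socketFactory;

    public TrustStoreRequestFactory(String trustStorePath, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore trustStore = KeyStore.getInstance("JKS"); // format written by JDK 6 keytool
        InputStream in = new FileInputStream(trustStorePath);
        try {
            trustStore.load(in, password); // also verifies the store's integrity password
        } finally {
            in.close();
        }
        if (trustStore.size() == 0) {
            // An empty store would reject every server; fail early with a clear message.
            throw new GeneralSecurityException("truststore has no entries: " + trustStorePath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No KeyManagers: the question's connector has clientAuth="false",
        // so the client does not need to present clientKey.
        ctx.init(null, tmf.getTrustManagers(), null);
        this.socketFactory = ctx.getSocketFactory();
    }

    @Override
    protected void prepareConnection(HttpURLConnection connection, String httpMethod)
            throws IOException {
        if (connection instanceof HttpsURLConnection) {
            // Only the trust anchors change; hostname verification stays at the JDK default.
            ((HttpsURLConnection) connection).setSSLSocketFactory(socketFactory);
        }
        super.prepareConnection(connection, httpMethod);
    }
}
```

Because the question's certificates use `CN=localhost` with no IP subject alternative name, the default hostname check passes for `https://localhost:8443/...` but not for `https://127.0.0.1:8443/...`. The Tomcat connector must also present the `serverKey` certificate that was imported into `truststore_client`.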
