我开发了一个 Java 应用程序,它使用 ldaps 在 Windows DC 上创建用户帐户,在将自签名证书从 Windows 服务器导入到我的本地 keystore 后工作正常。
现在我创建了一个在 glassfish 4.0 上运行的 Web 服务,并使用相同的代码来创建帐户。
现在的问题是 Web 服务现在给了我最初遇到的错误,但通过将证书导入我的本地 keystore (cacerts)来解决它
Severe: javax.naming.CommunicationException: simple bind failed: 196.220.119.21:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at engine.CreateStudent.<init>(CreateStudent.java:89)
at service.Create.createAccount(Create.java:28)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.glassfish.webservices.InstanceResolverImpl$1.invoke(InstanceResolverImpl.java:143)
at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:149)
at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:88)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)
at com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:136)
at org.glassfish.webservices.MonitoringPipe.process(MonitoringPipe.java:142)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)
at com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:136)
at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:210)
at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:142)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:420)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:687)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:266)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:169)
at org.glassfish.webservices.JAXWSServlet.doPost(JAXWSServlet.java:169)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:318)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:357)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:260)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:188)
at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:191)
at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:168)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:189)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544)
at java.lang.Thread.run(Thread.java:745)
原因:javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径
在 sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
在 sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)
在 sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)
在 sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)
在 sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1369)
在 sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:156)
在 sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
在 sun.security.ssl.Handshaker.process_record(Handshaker.java:860)
在 sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)
在 sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
在 sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:728)
在 sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
在 java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
在 java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
在 com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426)
在 com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399)
在 com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
在 com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
... 72 更多
原因:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径
在 sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
在 sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
在 sun.security.validator.Validator.validate(Validator.java:260)
在 sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
在 sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
一种
严重:t sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
在 sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1351)
... 85 更多
原因:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径
在 sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
在 sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
在 java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
在 sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 91 更多
信息:java.lang.NullPointerException
我什至尝试将证书导入到 cacerts.jks 和 keystore.jks 中
C:\Program Files\glassfish-4.0\glassfish\domains\domain1\config
文件夹,但无济于事。
我还尝试使用在我的代码中设置 keystore 位置
System.setProperty("javax.net.ssl.trustStore", "C:\Program Files\Java\jdk1.8.0_05\jre\lib\security\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
仍然没有喜悦
缺少什么重要的东西?
顺便说一句,我在 Windows 8 机器上同时拥有 x32 和 x64 位的 jdk。
最佳答案
glassfish 容器取决于其版本,似乎已将您的默认 JDK keystore 文件覆盖为自己的路径。
如果这台机器上的其他 java 应用程序工作正常,唯一的问题是 glassfish 不能工作,试试这个
System.clearProperty("javax.net.ssl.trustStore"); //add in servlet init()
如果您的 servlet 没有 init,请将其添加到您的启动 servlet 类中:
@Override
public void init() throws ServletException
{
super.init();
System.clearProperty("javax.net.ssl.trustStore");
}
为什么?
在正常环境下运行这段代码(不用任何容器,编译运行即可。)
然后在您的 servlet 中运行它,使用您的 Web 应用程序(而不是系统 println,您可以在示例网页上打印结果。)
System.out.println(System.getProperty("javax.net.ssl.trustStore"));
glassfish的结果:
/Users/jianqing/GlassFish_Server/glassfish/domains/domain1/config/cacerts.jks
null
关于java - 在 glassfish Web 服务应用程序中找不到请求目标的有效认证路径,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26716213/