SpringBoot - Error parsing HTTP request header (Oauth2 https endpoints)
When I try to access the OAuth HTTPS endpoints from my Spring Boot application, I get the following error, but the HTTP endpoints work fine.
Error:
2018-07-24 10:25:06.292 [DEBUG][8464][https-jsse-nio-8084-exec-8] o.apache.coyote.http11.Http11Processor: Error parsing HTTP request header
java.io.EOFException: null
    at org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.fillReadBuffer(NioEndpoint.java:1250)
    at org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.read(NioEndpoint.java:1190)
    at org.apache.coyote.http11.Http11InputBuffer.fill(Http11InputBuffer.java:717)
    at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:366)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:687)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Endpoints:
https://localhost:8084/my-auth/oauth/authorize
https://localhost:8084/my-auth/oauth/token
Application YML configuration for SSL:
port: 8084
non-http-port: 8083
context-path: /my-auth
ssl:
  key-alias: <my cert alias>
  key-password: <my password>
  key-store: <my jks path>
  key-store-type: JKS
  enabled: true
Security Java configuration:
// contextPath, unSecuredPort and securedPort are fields defined elsewhere in the configuration class.
@Bean
public EmbeddedServletContainerFactory servletContainer() {
    TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            // Require a confidential (HTTPS) transport for the matched URL pattern.
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern(contextPath + "/api/v1/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    // Second, plain-HTTP connector that redirects constrained requests to the HTTPS port.
    tomcat.addAdditionalTomcatConnectors(redirectConnector());
    return tomcat;
}

private Connector redirectConnector() {
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    connector.setScheme("http");
    connector.setPort(unSecuredPort);
    connector.setSecure(false);
    connector.setRedirectPort(securedPort);
    return connector;
}
POM file:
<?xml version="1.0" encoding="UTF-8"?>
<project
    xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <parent>
    <artifactId>my-app-name</artifactId>
    <groupId>my.group.id</groupId>
    <version>my-version</version>
    <relativePath>../pom.xml</relativePath>
  </parent>
  <modelVersion>4.0.0</modelVersion>
  <packaging>jar</packaging>
  <artifactId>my-app-name</artifactId>
  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-ldap</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.security.oauth</groupId>
      <artifactId>spring-security-oauth2</artifactId>
      <version>2.0.15.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>org.thymeleaf</groupId>
      <artifactId>thymeleaf-spring4</artifactId>
    </dependency>
    <dependency>
      <groupId>com.h2database</groupId>
      <artifactId>h2</artifactId>
    </dependency>
    <dependency>
      <groupId>io.springfox</groupId>
      <artifactId>springfox-swagger2</artifactId>
    </dependency>
    <dependency>
      <groupId>io.springfox</groupId>
      <artifactId>springfox-swagger-ui</artifactId>
    </dependency>
  </dependencies>
  <build>
    <plugins>
      <plugin>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-maven-plugin</artifactId>
      </plugin>
    </plugins>
  </build>
</project>
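I just found the solution: the problem is with the self-signed certificates for localhost. After importing these into the JDK's trust store, everything should work fine.
Thanks @bavlin
To run the Oauth2 endpoints locally, you have to install the certificate in the local JRE trust store.
Use the following command to add it to the local trust store (in the command prompt):
• keytool -keystore cacerts -import -trustcacerts -file "file path to cert"
• To make it work in Postman: in the Chrome browser, install the localhost certificate into "Trusted Root Certification Authorities"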
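A way to check whether the client JVM trusts the localhost certificate, before and after the keytool import described in the answers above. This is an added example, not code from the original posts; it assumes the server from the question is listening on localhost:8084, and the class name TrustCheck and its optional trust store arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class TrustCheck {
    // Builds an SSLContext from a JKS trust store, or from the JVM default (cacerts) when path is null.
    static SSLContext contextFor(String path, char[] password) throws Exception {
        KeyStore trustStore = null; // null tells TrustManagerFactory to use the JVM default
        if (path != null) {
            trustStore = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream(path)) {
                trustStore.load(in, password);
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Performs only the TLS handshake and reports whether the server certificate was accepted.
    static String handshake(SSLContext ctx, String host, int port) {
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // also check the host name
            socket.setSSLParameters(params);
            socket.startHandshake();
            return "trusted (" + socket.getSession().getProtocol() + ")";
        } catch (SSLException e) {
            return "rejected: " + e.getMessage(); // chain or host name validation failed
        } catch (Exception e) {
            return "connection failed: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        // Port 8084 is the HTTPS port from the question; args are <truststore.jks> <password> (assumed).
        System.out.println("JVM default: " + handshake(contextFor(null, null), "localhost", 8084));
        if (args.length == 2) {
            SSLContext custom = contextFor(args[0], args[1].toCharArray());
            System.out.println("custom store: " + handshake(custom, "localhost", 8084));
        }
    }
}
```

Passing a separate trust store file that contains only the localhost certificate shows whether the certificate itself is acceptable without changing the JDK-wide cacerts file.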
This is not an error; it is a debug message.
I hit this one as well, and I believe the correct answer is here:
If the log level were not DEBUG, the EOF would have been silently swallowed. It's unfortunate that the message says "Unexpected EOF" since in this case it's normal.
found on
The debug message is here:
catch (IOException e) {
    if (log.isDebugEnabled()) {
        log.debug(sm.getString("http11processor.header.parse"), e);
    }
    setErrorState(ErrorState.CLOSE_CONNECTION_NOW, e);
    break;
}
in Http11Processor from Tomcat 8.5,
and the EOFException that causes it was added for this Tomcat fix: Non-blocking should throw an EOFException on EOF as well
This is what I found from another discussion of this "problem", a spring-cloud GitHub discussion:
I think this is perfectly normal as this EOFException was added by our colleague per apache/tomcat@91b7859. Logging error on INFO level when ssl connection is made to non-ssl connector is a bit aggressive.