在一次调试中,出现了这个错误:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
详细报错信息如下:
严重: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)
at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:)
at java.lang.Thread.run(Thread.java:)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:)
at sun.security.validator.Validator.validate(Validator.java:)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)
... more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)
... more 十二月 , :: 下午 org.apache.catalina.core.StandardWrapperValve invoke
严重: Servlet.service() for servlet [jsp] in context with path [] threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)
at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:)
at java.lang.Thread.run(Thread.java:)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)
... more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:)
at sun.security.validator.Validator.validate(Validator.java:)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)
... more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)
... more
这个错误最终定位在这个方法:
protected final String retrieveResponseFromServer(final URL validationUrl,
final String ticket) {
HttpURLConnection connection = null;
try {
connection = (HttpURLConnection) validationUrl.openConnection();
final BufferedReader in = new BufferedReader(new InputStreamReader(
connection.getInputStream())); String line;
final StringBuffer stringBuffer = new StringBuffer(255); synchronized (stringBuffer) {
while ((line = in.readLine()) != null) {
stringBuffer.append(line);
stringBuffer.append("\n");
}
return stringBuffer.toString();
} } catch (final IOException e) {
log.error(e, e);
return null;
} catch (final Exception e1){
log.error(e1, e1);
return null;
}finally {
if (connection != null) {
connection.disconnect();
}
}
}
后来上网查了很久,说是证书出问题了,服务器不信任我们自己创建的证书,所以在代码中必须要忽略证书信任问题。只要在创建connection之前调用两个方法:
trustAllHttpsCertificates();
HttpsURLConnection.setDefaultHostnameVerifier(hv);
具体的实现是:
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
System.out.println("Warning: URL Host: " + urlHostName + " vs. "
+ session.getPeerHost());
return true;
}
};
private static void trustAllHttpsCertificates() throws Exception {
javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new miTM();
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext
.getInstance("SSL");
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc
.getSocketFactory());
}
static class miTM implements javax.net.ssl.TrustManager,
javax.net.ssl.X509TrustManager {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public boolean isServerTrusted(
java.security.cert.X509Certificate[] certs) {
return true;
}
public boolean isClientTrusted(
java.security.cert.X509Certificate[] certs) {
return true;
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}
}
附件:AbstractCasProtocolUrlBasedTicketValidator
解决CAS单点登录出现PKIX path building failed的问题的更多相关文章
-
解决 sun.security.validator.ValidatorException: PKIX path building failed
今天用java HttpClients写爬虫在访问某Https站点报如下错误: sun.security.validator.ValidatorException: PKIX path buildin ...
-
CAS 5.x搭建常见问题系列(2).PKIX path building failed
错误原因 服务端的证书是不安全的,Cas的客户端在调用时因为安全提醒造成调用失败. CAS的客户端需要导入服务端的证书后,就正常了. 具体操作步骤如下: 1. 首先启动tomcat,看下之前搭建的ca ...
-
解决 java 使用ssl过程中出现";PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target";
今天,封装HttpClient使用ssl时报一下错误: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExc ...
-
解决java使用https协议请求出现证书不信任问题(PKIX path building failed)
解决https请求时出现pkix path building fail错误 方法 将submail.cer 安全证书导入到java中的cacerts证书库 (sumail是我从https://api. ...
-
解决PKIX(PKIX path building failed) 问题 unable to find valid certification path to requested target
最近在写java的一个服务,需要给远程服务器发送post请求,认证方式为Basic Authentication,在请求过程中出现了 PKIX path building failed: sun.se ...
-
抓取https网页时,报错sun.security.validator.ValidatorException: PKIX path building failed 解决办法
抓取https网页时,报错sun.security.validator.ValidatorException: PKIX path building failed 解决办法 原因是https证书问题, ...
-
解决PKIX path building failed
起因 上周在生产环境部署时,把安全证书加到k8s-ingress中时发现报该错误 解决 找网上解决方案,因为这种问题相对比较少见,也没百度,直接谷歌,找到解决方案如下:https://stackove ...
-
解决PKIX path building failed的问题
Java在请求某些不受信任的https网站时会报:PKIX path building failed 解决方法一:使用keytool手动导入证书,为JRE环境导入信任证书 参考:http://www. ...
-
从头解决PKIX path building failed
从头解决PKIX path building failed的问题 本篇涉及到PKIX path building failed的原因和解决办法(包括暂时解决和长效解决的方法),也包括HTTP和HTTP ...
随机推荐
-
Hadoop源代码分析
http://wenku.baidu.com/link?url=R-QoZXhc918qoO0BX6eXI9_uPU75whF62vFFUBIR-7c5XAYUVxDRX5Rs6QZR9hrBnUdM ...
-
sgu 104 Little Shop of Flowers
经典dp问题,花店橱窗布置,不再多说,上代码 #include <cstdio> #include <cstring> #include <iostream> #i ...
-
nodejs环境设置理解
本小白今天忙了一下午,就为了设置好nodejs的环境变量. 其实理解了nodejs调用的过程就会发现环境变量的设置及其简单(当然,我是边安装边想的,不知我想的对不对) 首先,npm下载的模块分为全局模 ...
-
Android之Fragment详解
文章大纲 一. 什么是Fragment二. Fragment生命周期三. Fragment简单实例四.Fragment实战五.项目源码下载六.参考文章 一. 什么是Fragment Fragmen ...
-
python之三元表达式、列表推导式、生成器表达式、递归、匿名函数、内置函数
一 三元表达式.列表推导式.生成器表达式 一 三元表达式 name=input('姓名>>: ') res='SB' if name == 'alex' else 'NB' print(r ...
-
MyBatis Spring SqlSessionFactoryBean 配置
在基本的 MyBatis 中,session 工厂可以使用 SqlSessionFactoryBuilder 来创建.而在 MyBatis-Spring 中,则使用 SqlSessionFactory ...
-
linux - 【LAMP环境配置安装注意安装步骤】 9
(一)安装gcc glibc-devel glibc-headers ==>依赖项 kernel-headers ==>依赖项 libgomp gcc-c++ libstdc++-deve ...
-
INSERT CLAUSE
a.single table insert INSERT INTO jobs(job_id,job_title,min_salary,Max_Salary) VALUES('IT_PM','PROJE ...
-
Delphi映射模式实验
unit FrmMappingMode; interface uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Contro ...
-
CENTOS 7发送邮件测试
centos7作为126邮箱客户端发送邮件测试. 首先安装客户端软件: yum install sendmail mailx -y 配置邮箱设置: 开启smtp发件协议 配置授权码,写入配置文件. 追 ...