Spring Boot 1.4.1 SSL trustAnchors exception

I'm running Spring Boot microservices in Docker containers (Docker Compose) for testing. I recently tried to upgrade from Spring Boot 1.4.0 to 1.4.1 (tried 1.4.2 as well), but the services fail on startup with an
InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty exception.
I did not experience any problems with Spring Boot 1.4.0. The Dockerfile I use for one of the services is given below (some sensitive values have been replaced). I tried 1.4.2 with the same result.
The same behaviour occurs when I run the service on the command line with all the environment variables and Java params listed in the Dockerfile below.
Here is an extract from the log.
2016-11-10 08:10:06.645 ERROR [sbsa-account-om-service,,,] 1 --- [ main] o.apache.catalina.core.StandardService : Failed to start connector [Connector[HTTP/1.1-8762]]
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8762]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:233) [spring-boot-1.4.1.RELEASE.jar!/:1.4.1.RELEASE]
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:178) [spring-boot-1.4.1.RELEASE.jar!/:1.4.1.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297) [spring-boot-1.4.1.RELEASE.jar!/:1.4.1.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145) [spring-boot-1.4.1.RELEASE.jar!/:1.4.1.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:544) [spring-context-4.3.3.RELEASE.jar!/:4.3.3.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122) [spring-boot-1.4.1.RELEASE.jar!/:1.4.1.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:761) [spring-boot-1.4.1.RELEASE.jar!/:1.4.1.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:371) [spring-boot-1.4.1.RELEASE.jar!/:1.4.1.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) [spring-boot-1.4.1.RELEASE.jar!/:1.4.1.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1186) [spring-boot-1.4.1.RELEASE.jar!/:1.4.1.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1175) [spring-boot-1.4.1.RELEASE.jar!/:1.4.1.RELEASE]
at com.sbg.om.services.SbsaAccountOmServiceApplication.main(SbsaAccountOmServiceApplication.java:24) [classes!/:0.0.1-SNAPSHOT]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_11]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_11]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_11]
at java.lang.reflect.Method.invoke(Method.java:483) ~[na:1.8.0_11]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [app.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [app.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [app.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:58) [app.jar:0.0.1-SNAPSHOT]
Caused by: org.apache.catalina.LifecycleException: service.getName(): "Tomcat"; Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:976) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]
... 21 common frames omitted
Caused by: java.lang.IllegalArgumentException: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:874) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:590) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:969) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]
... 22 common frames omitted
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) ~[na:1.8.0_11]
at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:157) ~[na:1.8.0_11]
at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:130) ~[na:1.8.0_11]
at org.apache.tomcat.util.net.jsse.JSSEUtil.getParameters(JSSEUtil.java:341) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]
at org.apache.tomcat.util.net.jsse.JSSEUtil.getTrustManagers(JSSEUtil.java:273) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]
... 27 common frames omitted
2016-11-10 08:10:06.691 INFO [sbsa-account-om-service,,,] 1 --- [ main] o.apache.catalina.core.StandardService : Stopping service Tomcat
Dockerfile:
FROM webdizz/centos-java8
VOLUME /tmp
ADD <app name>.jar app.jar
ADD smoke-test.trust.jks /smoke-test.trust.jks
# Environment vars for SSL keystore + truststore
ENV security_x509_orgUnit=<org unit>
ENV server_ssl_enabled="true"
ENV security_sessions="stateless"
ENV security_headers_hsts="all"
ENV server_ssl_ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"
ENV server_ssl_protocol="TLS"
ENV server_ssl_keyStore="/smoke-test.trust.jks"
ENV server_ssl_keyStorePassword=<password>
ENV server_ssl_keyStoreType="JKS"
ENV server_ssl_keyAlias=<alias>
ENV server_ssl_keyPassword=<password>
ENV ribbon_ReadTimeout="60000"
ENV ribbon_IsSecure="true"
ENV ribbon_IsHostnameValidationRequired="true"
ENV ribbon_KeyStore="/smoke-test.trust.jks"
ENV ribbon_KeyStorePassword=<password>
ENV security_requireSsl="true"
ENV server_ssl_trustStore="/smoke-test.trust.jks"
ENV server_ssl_trustStorePassword=<password>
ENV server_ssl_trustStoreType="JKS"
ENV server_ssl_clientAuth="need"
ENV ribbon_TrustStore="/smoke-test.trust.jks"
ENV ribbon_TrustStorePassword=<password>
ENV ribbon_IsClientAuthRequired="true"
ENV PCI_CIPHER_KEY=<key>
ENV liquibase_contexts=<context>
# run actual Java app
RUN sh -c 'touch /app.jar'
EXPOSE 8762
EXPOSE 9997
ENTRYPOINT ["java", \
"-Djavax.net.ssl.trustStore=/smoke-test.trust.jks", \
"-Djavax.net.ssl.trustStorePassword=<password>", \
"-Djavax.net.ssl.trustStoreType=JKS", \
"-Djavax.net.debug=ssl", \
"-Dspring.profiles.active=testing", \
"-Dom.security.enabled=true", \
"-Dmanagement.security.enabled=true", \
"-Dom.security.x509.subjectPrincipalRegex=OU=(.*?)(?:,|$)", \
"-Dom.security.x509.roleConfiguration[0].roleNames[0]=<roleName>", \
"-Dom.security.x509.roleConfiguration[0].searchValues[0]=<value>", \
"-Dom.security.orderedPathRestrictions[0].pattern='/**'", \
"-Dom.security.orderedPathRestrictions[0].roles=<role>", \
"-Dom.security.orderedPathRestrictions[0].csrfDisabled=true", \
"-Xdebug", \
"-agentlib:jdwp=transport=dt_socket,address=9997,server=y,suspend=n", \
"-Dserver.port=8762", \
"-Deureka.instance.non-secure-port=0", \
"-Deureka.instance.secure-port=8762", \
"-Deureka.instance.hostname=<name>", \
"-Deureka.instance.nonSecurePortEnabled=false", \
"-Deureka.instance.securePortEnabled=true", \
"-Deureka.client.serviceUrl.defaultZone=<URL>", \
"-Dspring.application.name=sbsa-account-om-service", \
"-Deureka.instance.secureVirtualHostName=<name>", \
"-Djava.security.egd=file:/dev/./urandom", \
"-jar", \
"/app.jar"]
Edit: This is not the same problem as mentioned in the trustAnchors question, since my problem occurs when going from Spring Boot 1.4.0 to 1.4.1. The only change is the Boot version; all other configuration that worked under Spring Boot 1.4.0 has stayed the same.
Possible duplicate of [Error - trustAnchors parameter must be non-empty](http://stackoverflow.com/questions/6784463/error-trustanchors-parameter-must-be-non-empty) – Rao