java - Spring Boot 捕获 SSLHandshakeException

问题描述

我们有一个使用 2-way ssl Auth 用 SpringBoot 编写的 rest API。当用户选择错误/过期的客户端证书时，我们想发送 401 HTTP 状态代码。

当它发生时，我可以看到异常：

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

API 正常启动并且工作正常。每当用户尝试调用我的 api 选择错误的客户端证书或无效时，就会发生异常。在这种情况下，我想将 401 返回给调用者

Spring Boot 配置了 Tomcat 和@EnableWebSecurity

http.x509().subjectPrincipalRegex("XXXXXX").userDetailsService(this.userDetailsService);
((RequiresChannelUrl)http.requiresChannel().anyRequest()).requiresSecure();

urls().forEach((url, guard) -> {
   try {
      ((AuthorizedUrl)http.authorizeRequests().antMatchers(new String[]{url})).access(guard);
    } catch (Exception var4) {
        throw new UnsupportedOperationException("error");
    }
});

这里是堆栈跟踪：

DirectJDKLog.java:175 [] Handshake failed during wrap
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
....
....
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

浏览器显示：ERR_BAD_SSL_CLIENT_AUTH_CERT 是否可以在 SpringBoot 中捕捉到这个异常并发送特定的 HTTP 状态码？

标签： javaspringspring-boottomcat