java - Spring Boot 捕获 SSLHandshakeException
问题描述
我们有一个使用 2-way ssl Auth 用 SpringBoot 编写的 rest API。当用户选择错误/过期的客户端证书时,我们想发送 401 HTTP 状态代码。
当它发生时,我可以看到异常:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
API 正常启动并且工作正常。每当用户尝试调用我的 api 选择错误的客户端证书或无效时,就会发生异常。在这种情况下,我想将 401 返回给调用者
Spring Boot 配置了 Tomcat 和@EnableWebSecurity
http.x509().subjectPrincipalRegex("XXXXXX").userDetailsService(this.userDetailsService);
((RequiresChannelUrl)http.requiresChannel().anyRequest()).requiresSecure();
urls().forEach((url, guard) -> {
try {
((AuthorizedUrl)http.authorizeRequests().antMatchers(new String[]{url})).access(guard);
} catch (Exception var4) {
throw new UnsupportedOperationException("error");
}
});
这里是堆栈跟踪:
DirectJDKLog.java:175 [] Handshake failed during wrap
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
....
....
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
浏览器显示:ERR_BAD_SSL_CLIENT_AUTH_CERT 是否可以在 SpringBoot 中捕捉到这个异常并发送特定的 HTTP 状态码?
解决方案
也许您可以尝试控制器建议:
@ControllerAdvice
class MyControllerExceptionHandler {
@ResponseStatus(HttpStatus.UNAUTHORIZED) // or whatever you want
@ExceptionHandler(SSLHandshakeException.class)
public void handleHandshakeException() {
// Nothing to do
}
}