我无法将spring Boot 应用程序连接到aws document db。请告诉我哪里出错了。
pom.xml
<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.7.0</version><relativePath /> <!-- lookup parent from repository --></parent><groupId>com.mercedes-benz.xdrs</groupId><artifactId>xdrs_data_service_api</artifactId><version>1.0.0.0</version><name>xdrs_data_service_api</name><description>xdrs data service api</description><packaging>jar</packaging><properties><java.version>11</java.version><spring-cloud.version>2021.0.2</spring-cloud.version><log4j2.version>2.19.0</log4j2.version></properties><dependencies><dependency><groupId>org.springframework.retry</groupId><artifactId>spring-retry</artifactId><version>1.3.1</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId><version>3.0.2</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-log4j2</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-actuator</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-devtools</artifactId></dependency><dependency><groupId>org.apache.httpcomponents</groupId><artifactId>httpclient</artifactId><version>4.5.13</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-aop</artifactId></dependency><dependency><groupId>org.springdoc</groupId><artifactId>springdoc-openapi-ui</artifactId><version>1.2.9</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-data-mongodb</artifactId></dependency><dependency><groupId>org.mongodb</groupId><artifactId>mongo-java-driver</artifactId><version>3.12.10</version> <!-- Use the latest version --></dependency><dependency><groupId>org.mongodb</groupId><artifactId>mongodb-driver-sync</artifactId><version>4.4.1</version> <!-- Use the latest version --></dependency><dependency><groupId>com.amazonaws</groupId><artifactId>aws-java-sdk</artifactId><version>1.11.986</version> <!-- Use the latest version --></dependency><dependency><groupId>org.mapstruct</groupId><artifactId>mapstruct-jdk8</artifactId><version>1.3.0.Beta2</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-validation</artifactId></dependency><dependency><groupId>org.mongodb</groupId><artifactId>mongodb-driver-core</artifactId><version>3.11.2</version></dependency></dependencies><dependencyManagement><dependencies><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-dependencies</artifactId><version>${spring-cloud.version}</version><type>pom</type><scope>import</scope></dependency></dependencies></dependencyManagement><build><plugins><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId></plugin></plugins><finalName>xdrs-data-service-api</finalName></build>
字符串
DocumentDBConf.java
package com.mercedesBenz.xdrs.dataService.config;import java.io.File;import java.security.Security;import javax.net.ssl.SSLContext;import org.springframework.beans.factory.annotation.Value;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.data.mongodb.core.MongoTemplate;import com.mongodb.ConnectionString;import com.mongodb.MongoClientSettings;import com.mongodb.client.MongoClient;import com.mongodb.client.MongoClients;@Configurationpublic class DocumentDBConf {@Value("${documentdb.connectionString}")private String connectionString;@Value("${documentdb.pemFile}")private String pemFile;@Beanpublic MongoClient mongoClient() throws Exception {// Load the .pem certificate fileFile pemCertificate = new File(pemFile);// Enable AWS DocumentDB TLSSystem.setProperty("javax.net.ssl.trustStore", pemCertificate.getAbsolutePath());System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); // The default trust store passwordSystem.setProperty("javax.net.debug", "ssl");// Enable strong cryptography// Security.setProperty("crypto.policy", "unlimited");ConnectionString connString = new ConnectionString(connectionString);MongoClientSettings settings = MongoClientSettings.builder().applyToSslSettings(sslSettingsBuilder -> {try {sslSettingsBuilder.enabled(true).context(SSLContext.getDefault()); // Use the default SSLContext} catch (Exception e) {throw new RuntimeException("Error creating SSL context", e);}}).applyConnectionString(connString).build();return MongoClients.create(settings);}@Beanpublic MongoTemplate mongoTemplate(MongoClient mongoClient) {return new MongoTemplate(mongoClient, "test"); // Replace 'your_database_name' with your actual database name}
型
}
application.properties
documentdb.connectionString=mongodb://user:pwd@xdrs-int-docdb-cluster-identifier.cluster-c6wywertyiq6.eu-central-1.docdb.amazonaws.com:27017/test?tls=truedocumentdb.pemFile=/xdrs_data_service_api/src/main/resources/global-bundle.pem#documentdb.pemFile=classpath:docdb.cert#documentdb.pemFile=classpath:rds-truststore.jksmanagement.metrics.mongo.command.enabled=falsemanagement.metrics.mongo.connectionpool.enabled=false
型
XdrsDataServiceApplication.java
package com.mercedesBenz.xdrs.dataService;import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.EnableAutoConfiguration;import org.springframework.boot.autoconfigure.SpringBootApplication;import org.springframework.boot.autoconfigure.data.mongo.MongoDataAutoConfiguration;import org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration;import org.springframework.boot.autoconfigure.mongo.embedded.EmbeddedMongoAutoConfiguration;import org.springframework.context.annotation.ComponentScan;import org.springframework.context.annotation.Configuration;import org.springframework.retry.annotation.EnableRetry;@SpringBootApplication(exclude = {MongoAutoConfiguration.class,MongoDataAutoConfiguration.class})public class XdrsDataServiceApplication {public static void main(String[] args) {SpringApplication.run(XdrsDataServiceApplication.class, args);}}
型
我的pem文件存储位置的图像
在本地我得到以下错误
的
当我在AWS ECS Fargate中部署相同的代码时,我看到以下日志
的
1条答案
按热度按时间rmbxnbpk1#
这里有两个问题:
.pem证书文件不能直接用作Java信任库,而是包含应该导入到Java信任库中的证书(使用keytoolJava实用程序),这样您的程序就可以在验证DocumentDB服务器的身份时引用该信任库(通过javax.net.ssl.trustStore系统属性)。sun.security.*封装(在您发布的Fargate日志中引用)验证DocumentDB服务器的身份,方法是尝试构建一个有效的PKIX证书路径,该路径从Java信任存储中找到的根CA证书到您所针对的特定DocumentDB服务器提供的证书。如果在javax.net.ssl.trustStore处找到的Java信任存储无效(例如,因为它是.pem文件,而不是有效的.jks文件),或者如果它不包含必要的证书(例如,因为在global-bundle.pem中找到的根CA证书从未使用Javakeytool实用程序导入),PKIX路径构建失败,这意味着无法建立DocumentDB服务器的标识。有关详细信息,请参阅启用TLS连接(并确保选择“Java”选项卡以查看特定于Java的说明)。