我无法将spring Boot 应用程序连接到aws document db。请告诉我哪里出错了。
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-
4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.0</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>com.mercedes-benz.xdrs</groupId>
<artifactId>xdrs_data_service_api</artifactId>
<version>1.0.0.0</version>
<name>xdrs_data_service_api</name>
<description>xdrs data service api</description>
<packaging>jar</packaging>
<properties>
<java.version>11</java.version>
<spring-cloud.version>2021.0.2</spring-cloud.version>
<log4j2.version>2.19.0</log4j2.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.retry</groupId>
<artifactId>spring-retry</artifactId>
<version>1.3.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>3.0.2</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.13</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>1.2.9</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-mongodb</artifactId>
</dependency>
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongo-java-driver</artifactId>
<version>3.12.10</version> <!-- Use the latest version -->
</dependency>
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongodb-driver-sync</artifactId>
<version>4.4.1</version> <!-- Use the latest version -->
</dependency>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk</artifactId>
<version>1.11.986</version> <!-- Use the latest version -->
</dependency>
<dependency>
<groupId>org.mapstruct</groupId>
<artifactId>mapstruct-jdk8</artifactId>
<version>1.3.0.Beta2</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongodb-driver-core</artifactId>
<version>3.11.2</version>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
<finalName>xdrs-data-service-api</finalName>
</build>字符串
DocumentDBConf.java
package com.mercedesBenz.xdrs.dataService.config;
import java.io.File;
import java.security.Security;
import javax.net.ssl.SSLContext;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.mongodb.core.MongoTemplate;
import com.mongodb.ConnectionString;
import com.mongodb.MongoClientSettings;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
@Configuration
public class DocumentDBConf {
@Value("${documentdb.connectionString}")
private String connectionString;
@Value("${documentdb.pemFile}")
private String pemFile;
@Bean
public MongoClient mongoClient() throws Exception {
// Load the .pem certificate file
File pemCertificate = new File(pemFile);
// Enable AWS DocumentDB TLS
System.setProperty("javax.net.ssl.trustStore", pemCertificate.getAbsolutePath());
System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); // The default trust store password
System.setProperty("javax.net.debug", "ssl");
// Enable strong cryptography
// Security.setProperty("crypto.policy", "unlimited");
ConnectionString connString = new ConnectionString(connectionString);
MongoClientSettings settings = MongoClientSettings.builder()
.applyToSslSettings(sslSettingsBuilder -> {
try {
sslSettingsBuilder.enabled(true)
.context(SSLContext.getDefault()); // Use the default SSLContext
} catch (Exception e) {
throw new RuntimeException("Error creating SSL context", e);
}
})
.applyConnectionString(connString)
.build();
return MongoClients.create(settings);
}
@Bean
public MongoTemplate mongoTemplate(MongoClient mongoClient) {
return new MongoTemplate(mongoClient, "test"); // Replace 'your_database_name' with your actual database name
}型
}
application.properties
documentdb.connectionString=mongodb://user:pwd@xdrs-int-docdb-
cluster-identifier.cluster-c6wywertyiq6.eu-central-1.docdb.amazonaws.com:27017/test?tls=true
documentdb.pemFile=/xdrs_data_service_api/src/main/resources/global-bundle.pem
#documentdb.pemFile=classpath:docdb.cert
#documentdb.pemFile=classpath:rds-truststore.jks
management.metrics.mongo.command.enabled=false
management.metrics.mongo.connectionpool.enabled=false型
XdrsDataServiceApplication.java
package com.mercedesBenz.xdrs.dataService;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.data.mongo.MongoDataAutoConfiguration;
import org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration;
import org.springframework.boot.autoconfigure.mongo.embedded.EmbeddedMongoAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.retry.annotation.EnableRetry;
@SpringBootApplication(exclude = {MongoAutoConfiguration.class,
MongoDataAutoConfiguration.class})
public class XdrsDataServiceApplication {
public static void main(String[] args) {
SpringApplication.run(XdrsDataServiceApplication.class, args);
}
}型
我的pem文件存储位置的图像
在本地我得到以下错误
的
当我在AWS ECS Fargate中部署相同的代码时,我看到以下日志
的
1条答案
按热度按时间rmbxnbpk1#
这里有两个问题:
.pem证书文件不能直接用作Java信任库,而是包含应该导入到Java信任库中的证书(使用keytoolJava实用程序),这样您的程序就可以在验证DocumentDB服务器的身份时引用该信任库(通过javax.net.ssl.trustStore系统属性)。sun.security.*封装(在您发布的Fargate日志中引用)验证DocumentDB服务器的身份,方法是尝试构建一个有效的PKIX证书路径,该路径从Java信任存储中找到的根CA证书到您所针对的特定DocumentDB服务器提供的证书。如果在javax.net.ssl.trustStore处找到的Java信任存储无效(例如,因为它是.pem文件,而不是有效的.jks文件),或者如果它不包含必要的证书(例如,因为在global-bundle.pem中找到的根CA证书从未使用Javakeytool实用程序导入),PKIX路径构建失败,这意味着无法建立DocumentDB服务器的标识。有关详细信息,请参阅启用TLS连接(并确保选择“Java”选项卡以查看特定于Java的说明)。