I’m using Spring 3.2.11.RELEASE and Spring Security 3.1.4.RELEASE. I want to configure a keystore in my web application so that I can make HTTPS calls using the Apache httpclient library. I would like to make this configuration via XML in my web app as opposed to adding the certificate to Java’s cacerts file. In my application context file, I tried adding:
<bean id="systemPrereqs"
      class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="targetObject" value="#{@systemProperties}" />
    <property name="targetMethod" value="putAll" />
    <property name="arguments">
        <!-- The new Properties -->
        <util:properties>
            <prop key="javax.net.ssl.trustStore">${key.store.file}</prop>
            <prop key="javax.net.ssl.trustStorePassword">${key.store.password}</prop>
        </util:properties>
    </property>
</bean>
However, “${key.store.file}” is a relative URL (the file is inside my WAR), so the above results in the exception below …
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) [jsse.jar:1.7.0_80-ea]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904) [jsse.jar:1.7.0_80-ea]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1862) [jsse.jar:1.7.0_80-ea]
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1845) [jsse.jar:1.7.0_80-ea]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1366) [jsse.jar:1.7.0_80-ea]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) [jsse.jar:1.7.0_80-ea]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106) [httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57) [httpclient-4.3.4.jar:4.3.4]
at org.mainco.subco.lightside.service.LightsideServiceImpl.sendJsonRequestToLightside(LightsideServiceImpl.java:267) [core-84.0.0-SNAPSHOT.jar:]
Is there any way to configure my keystore in my application XML? If upgrading or adding a new library helps solve this problem, I’m willing to do that. Thanks - Dave
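One way to load a trust store packaged inside the WAR without touching the JVM-wide `javax.net.ssl.*` properties, as an added example that is not part of the original post: the class name `ClasspathTrustStore` and the resource name are assumptions. It fails at startup if the file is missing or empty instead of deferring the failure to the TLS handshake.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Added example (hypothetical class): builds an SSLContext from a trust store on the classpath. */
public final class ClasspathTrustStore {

    private ClasspathTrustStore() {}

    /**
     * @param resource classpath location of the trust store, e.g. "truststore.jks"
     *                 placed under WEB-INF/classes (assumed name)
     * @param password trust store password
     */
    public static SSLContext sslContext(String resource, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        // Resolve through the class loader, so no file system path is needed.
        try (InputStream in = cl.getResourceAsStream(resource)) {
            if (in == null) {
                // Fail closed: never continue with a trust store that was not found.
                throw new IOException("Trust store not found on classpath: " + resource);
            }
            trustStore.load(in, password);
        }
        if (trustStore.size() == 0) {
            // A store with no entries gives the validator no trust anchors.
            throw new GeneralSecurityException("Trust store has no entries: " + resource);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        // No client key material; trust decisions come only from the loaded store.
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }
}
```

With httpclient 4.3.x the returned context can be passed to `new SSLConnectionSocketFactory(sslContext)` and set on the client with `HttpClients.custom().setSSLSocketFactory(...)`, which keeps default hostname verification and scopes the trust store to that client only. Because `sslContext` is a static method, it can also be declared in the application context XML as a bean with `factory-method`.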