Spring Boot 无法验证服务器名称“iapps-in-dev-sql-server.privatelink.database.windows.net“检索数据库元数据时出错;

bis0qfac  于 2023-11-17  发布在  Spring
关注(0)|答案(1)|浏览(128)

升级后我得到以下错误。它在jdk 8和spring Boot 版本1.5.3-release和MS SQL驱动程序mssql-jdbc-6.1.0.jre7.jar中工作正常
现在我升级了jdk到21,spring-boot到2.7.16,并使用下面的jdbc驱动程序

<dependency>
    <groupId>com.microsoft.sqlserver</groupId>
    <artifactId>mssql-jdbc</artifactId>
    <version>12.4.2.jre11</version>
</dependency>

字符串
我在连接数据库时遇到一个奇怪的异常。请在下面找到异常。请告诉我如何解决这个问题

org.springframework.dao.DataAccessResourceFailureException: Error retrieving database meta-data; nested exception is org.springframework.jdbc.support.MetaDataAccessException: Could not get Connection for extracting meta-data; nested exception is org.springframework.jdbc.CannotGetJdbcConnectionException: Failed to obtain JDBC Connection; nested exception is java.sql.SQLException: Cannot create PoolableConnectionFactory ("encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: Failed to validate the server name "iapps-in-dev-sql-server.privatelink.database.windows.net"in a certificate during Secure Sockets Layer (SSL) initialization. Name in certificate "cr11.indiacentral1-a.control.database.windows.net". ClientConnectionId:225fcdb4-f187-4250-9dcc-07def6542715)
    at org.springframework.jdbc.core.metadata.CallMetaDataProviderFactory.createMetaDataProvider(CallMetaDataProviderFactory.java:144)
    at org.springframework.jdbc.core.metadata.CallMetaDataContext.initializeMetaData(CallMetaDataContext.java:254)
    at org.springframework.jdbc.core.simple.AbstractJdbcCall.compileInternal(AbstractJdbcCall.java:315)
    at org.springframework.jdbc.core.simple.AbstractJdbcCall.compile(AbstractJdbcCall.java:298)
    at com.gtl.industryapp.commonservice.middleware.service.db.helper.CommonServiceDatabaseCommunicator.setDefaultParameter(CommonServiceDatabaseCommunicator.java:178)
    at com.gtl.industryapp.commonservice.middleware.service.db.helper.CommonServiceDatabaseCommunicator.getResult(CommonServiceDatabaseCommunicator.java:157)
    at com.gtl.industryapp.commonservice.middleware.service.db.helper.CommonServiceDatabaseCommunicator.getSPResult(CommonServiceDatabaseCommunicator.java:70)
    at com.gtl.industryapp.commonservice.middleware.service.db.helper.CommonServiceDatabaseCommunicator$$FastClassBySpringCGLIB$$c9e927a0.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy.invokeMethod(CglibAopProxy.java:386)
    at org.springframework.aop.framework.CglibAopProxy.access$000(CglibAopProxy.java:85)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:703)
    at com.gtl.industryapp.commonservice.middleware.service.db.helper.CommonServiceDatabaseCommunicator$$EnhancerBySpringCGLIB$$37381077.getSPResult(<generated>)
    at com.gtl.industryapp.commonservice.middleware.service.impl.GeneralDataServiceImpl.getData(GeneralDataServiceImpl.java:44)
    at com.gtl.industryapp.commonservice.middleware.service.impl.helper.AppStoreServiceHelper.executeForApi(AppStoreServiceHelper.java:56)
    at com.gtl.industryapp.commonservice.middleware.service.impl.AppStoreServiceImpl.getAppDataForApi(AppStoreServiceImpl.java:44)
    at com.gtl.industryapp.commonservice.middleware.controller.AppStoreApiServiceController.getAPPData(AppStoreApiServiceController.java:39)
    at com.gtl.industryapp.commonservice.middleware.controller.AppStoreApiServiceController$$FastClassBySpringCGLIB$$701775b8.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:792)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:762)
    at org.springframework.aop.aspectj.AspectJAfterAdvice.invoke(AspectJAfterAdvice.java:49)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:762)
    at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:58)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:762)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:762)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:707)
    at com.gtl.industryapp.commonservice.middleware.controller.AppStoreApiServiceController$$EnhancerBySpringCGLIB$$38c57cc5.getAPPData(<generated>)
    at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
    at java.base/java.lang.reflect.Method.invoke(Method.java:580)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1072)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:965)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:529)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at com.gtl.iapps.db.multitenancy.routing.intercepter.SecurityContextFilter.doFilterInternal(SecurityContextFilter.java:69)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:337)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:182)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1790)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:1583)


原因:org.springframework.jdbc.support. MetaDataException:无法获取用于提取元数据的Connection;嵌套异常为org.springframework.jdbc.CannotGetJdbcConnectionException:无法获取JDBC Connection;嵌套异常为java.sql.SQLException:无法创建PoolableConnectionFactory(“encrypt”属性设置为“true”,“trustServerCertificate”属性设置为“false”)但驱动程序无法使用 ssl 层(SSL)加密建立到SQL Server的安全连接:错误:在iapps-in-dev-sql-server.privatelink.database.windows.net ssl 层(SSL)初始化期间,无法验证证书中的服务器名称“www.example.com“。证书中的名称“cr11.indiacentral1-a.control.database.windows.net“。ClientConnectionId:225 fcdb 4-f187-4250-9dcc-07 def 6542715)
有时它会出现以下情况:Caused by:org.springframework.jdbc.support. MetaDataException:Could not get Connection for extracting meta-data; nested exception是org.springframework.jdbc.CannotGetJdbcConnectionException:Failed to obtain JDBC Connection; nested exception是java.sql.SQLException:无法创建PoolableConnectionFactory(“encrypt”属性设置为“true”,“trustServerCertificate”属性设置为“false”,但驱动程序无法使用 ssl 层(SSL)加密建立与SQL Server的安全连接:错误代码:无法在iapps-in-dev-sql-server.privatelink.database.windows.net ssl 层(SSL)初始化期间验证证书中的服务器名称“www.example.com“。证书中的名称为“cr11.indiacentral1-a.control.database.windows.net"。ClientConnectionId:225 fcdb 4-f187-4250-9dcc-07 def 6542715)
其他一些时间为Caused by:org.springframework.jdbc.support. MetaDataException:Could not get Connection for extracting meta data; nested exception为org.springframework.jdbc.CannotGetJdbcConnectionException:Failed to obtain JDBC Connection; nested exception为java.sql.SQLException:无法创建PoolableConnectionFactory(“encrypt”属性设置为“true”,“trustServerCertificate”属性设置为“false”,但驱动程序无法使用 ssl 层(SSL)建立到SQL Server的安全连接)加密:错误代码:无法在iapps-in-dev-sql-server.privatelink.database.windows.net ssl 层(SSL)初始化期间验证证书中的服务器名称“www.example.com“。证书中的名称为“cr13.indiacentral1-a.control.database.windows.net"。ClientConnectionId:225 fcdb 4-f187-4250-9dcc-07 def 6542715)
数据库是在azure .我正在寻找这个问题的解决方案.

flvtvl50

flvtvl501#

错误实际上是告诉你什么是错的。

"encrypt" property is set to "true" and "trustServerCertificate" property is set to "false"

字符串
文件规定如下:

encrypt = true
trustServerCertificate = false or blank
hostNameInCertificate = value
trustStore = blank
trustStorePassword = blank
The driver requests to use TLS encryption with the server.

If the server requires the client to support TLS encryption or if the server supports encryption, the driver will initiate the TLS certificate exchange.

The driver will validate the TLS certificate's subject value by using the value specified for the hostNameInCertificate property.

If the server isn't configured to support encryption, the driver will raise an error and terminate the connection.


https://learn.microsoft.com/en-us/sql/connect/jdbc/understanding-ssl-support?view=sql-server-ver16
这意味着因为encrypt=truetrustServerCertificate=false,那么它将强制验证证书TLS链,您可能没有或有但无效。(例如TLS Subject值与服务器的hostName不匹配
现在,如果您查看mssql-jdbc的github代码,
在6.1.0版中,encrypt=falsetrustServerCertificate=false都是,这意味着

encrypt = false or blank
trustServerCertificate = any
hostNameInCertificate = any
trustStore = any
trustStorePassword = any
The driver won't force the server to support TLS encryption. If the server has a self-signed certificate, the driver initiates the TLS certificate exchange. The TLS certificate won't be validated and only the credentials (in the login packet) are encrypted.

If the server requires the client to support TLS encryption, the driver will initiate the TLS certificate exchange. The TLS certificate won't be validated, but the entire communication will be encrypted.


https://github.com/microsoft/mssql-jdbc/blob/cd2f4c87403aa6a41cbe8b3dda3106392dc6ee0b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java#L917
如果你检查12.4.2版本,它现在通过encrypt=truetrustServerCertificate=false来强制执行TLS验证。
https://github.com/microsoft/mssql-jdbc/blob/v12.4.2/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java#L610
因此,您需要在Java信任库中拥有数据库服务器证书才能进行连接。
或者设置不安全的encrypt=truetrustServerCertificate=true,因为这基本上意味着不验证TLS证书。

encrypt = true
trustServerCertificate = true
hostNameInCertificate = any
trustStore = any
trustStorePassword = any
The driver requests to use TLS encryption with the server.

If the server requires the client to support TLS encryption or if the server supports encryption, the driver will initiate the TLS certificate exchange. If the trustServerCertificate property is set to "true", the driver won't validate the TLS certificate.

If the server isn't configured to support encryption, the driver will raise an error and terminate the connection.

相关问题