spring org.springframework.core.io.UrlResource not support https resource

Question

when config the grails config location as below

grails.config.locations = [
    "https://ip:8443/config/Config.groovy"
]

will get the below warning message in log

 2018-11-28 19:04:22,682 WARN   ConfigurationHelper - Unable to load specified config location https://ip:8443/config/Config.groovy : File does not exist.

but I can access https://ip:8443/config/Config.groovy directly from the browser.

In org.codehaus.groovy.grails.commons.cfg.ConfigurationHelper.mergeInLocations()

private static void mergeInLocations(ConfigObject config, List locations, PathMatchingResourcePatternResolver resolver, ClassLoader classLoader) {

...
 def resource = resolver.getResource(location.toString())
 if(resource.exists()) {
      ...
 } else {
   LOG.warn "Unable to load specified config location $location : File does not exist."
 }

}

the resolver is the org.springframework.core.io.support.PathMatchingResourcePatternResolver in spring. and resolver.getResource(location.toString()) result will be a org.springframework.core.io.UrlResource

and UrlResource.exists() code is like

public boolean exists() {
      ...
    try {
       URLConnection con = url.openConnection();
       HttpURLConnection httpCon =
                    (con instanceof HttpURLConnection ? (HttpURLConnection) con : null);
            if (httpCon != null) {
                int code = httpCon.getResponseCode();
                if (code == HttpURLConnection.HTTP_OK) {
                    return true;
                }
                else if (code == HttpURLConnection.HTTP_NOT_FOUND) {
                    return false;
                }
            }
    }catch(IOException ex){
       return false;
    }

}

and since its https , it will throw java.security.cert.CertificateException: No subject alternative names present when httpCon.getResponseCode().

so UrlResource is not for https resource? what should I do if I want to load the https resource? thanks.

score 0 · Answer 1 · answered Dec 03 '18 at 19:07

0

Note the error message you describe, which I can also duplicate: "No subject alternative names present" means that your hostname "ip" is not in the certificate. Try switching to the fully qualified domain name, like "ip.mydomain.com" or whatever is encoded in the certificate. (You can view your certificate details in your browser on the "page info" dialog)

answered Dec 03 '18 at 19:07

jja

100
4

hi，thanks . my IP is just IP address like 10.116.53.2 .and the certificate is self signed – Peter Yang Dec 03 '18 at 22:45
Still, your IP address is not listed as a Subject Alternative Name in the certificate. I don't know if you can or should add numeric addresses to certs. But in the end, this is really a question about getting Java's HttpsURLConnection to accept your certificate. You can add it to your keystore. See https://stackoverflow.com/questions/859111/how-can-i-use-different-certificates-on-specific-connections and https://stackoverflow.com/questions/2893819/accept-servers-self-signed-ssl-certificate-in-java-client – jja Dec 05 '18 at 22:19
yeah，if UrlResource is my code，I can make it to accept my certificate，but it's spring source code， I cannt change that code – Peter Yang Dec 06 '18 at 01:14
Change the system keystore using the command line keytool ... the second link in particular has some examples. – jja Dec 06 '18 at 01:49

spring org.springframework.core.io.UrlResource not support https resource

1 Answers1