httpClient 在从 azure 反向代理调用 https 连接时抛出连接重置
httpClient throws Connection reset while invoking https connection from azure reverse proxy
实际上我有配置为重定向到 keycloak 的 saml 应用程序
当我第一次使用 HTTP URLs(httpClient 3.1,jdk1.8) 配置应用程序时,我没有收到任何问题,但是当使用反向代理(WAF azure 应用程序网关反向代理)进行 HTTPS 连接时,出现异常
**Caused by**: org.opensaml.saml2.metadata.provider.MetadataProviderException: Error retrieving metadata from https://example.com/auth/realms/realmName/protocol/saml/descriptor
at org.opensaml.saml2.metadata.provider.HTTPMetadataProvider.fetchMetadata (HTTPMetadataProvider.java:274)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh (AbstractReloadingMetadataProvider.java:255)
... 9 more
**Caused by**: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:210)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.opensaml.saml2.metadata.provider.HTTPMetadataProvider.fetchMetadata(HTTPMetadataProvider.java:250)
知道我已经在 JVM 级别添加了证书并且 URL 我刚刚调用的 (https://example.com/auth/realms/realmName/protocol/saml/descripto) 可以通过 curl 命令或从浏览器访问
我通过升级 jdk 版本解决了同样的问题
实际上我有配置为重定向到 keycloak 的 saml 应用程序 当我第一次使用 HTTP URLs(httpClient 3.1,jdk1.8) 配置应用程序时,我没有收到任何问题,但是当使用反向代理(WAF azure 应用程序网关反向代理)进行 HTTPS 连接时,出现异常
**Caused by**: org.opensaml.saml2.metadata.provider.MetadataProviderException: Error retrieving metadata from https://example.com/auth/realms/realmName/protocol/saml/descriptor
at org.opensaml.saml2.metadata.provider.HTTPMetadataProvider.fetchMetadata (HTTPMetadataProvider.java:274)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh (AbstractReloadingMetadataProvider.java:255)
... 9 more
**Caused by**: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:210)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.opensaml.saml2.metadata.provider.HTTPMetadataProvider.fetchMetadata(HTTPMetadataProvider.java:250)
知道我已经在 JVM 级别添加了证书并且 URL 我刚刚调用的 (https://example.com/auth/realms/realmName/protocol/saml/descripto) 可以通过 curl 命令或从浏览器访问
我通过升级 jdk 版本解决了同样的问题