我们有一个相当古老的Grails网站(2.3)已经服务了我们的需求了很长一段时间。服务器需要呼叫另一个服务以获取客户详细信息,该服务很快将仅需要TLS 1.1或更高版本。我们的站点在java 1.7上运行,它应该支持TLS 1.1和1.2,但要求它显式启用。我在grails网站上启用它时遇到了麻烦。
我所尝试的主要是通过运行
来启动grailsdo_something_that_might_throw根据说明here和提示here。但是当我这样做时,当我尝试登录到其他站点时,套接字仍然关闭:
grails -Dhttps.protocols=TLSv1.1 run-app
我已经确认我的系统和系统的java支持TLS 1.1。我创建了一个示例java客户端来直接连接到该站点。当我经常运行它时会收到类似的连接重置消息,但是当我尝试
时它会得到一个有效的响应Message: Connection reset
Line | Method
->> 196 | read in java.net.SocketInputStream
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 122 | read in ''
| 82 | flushBuffer . . . . . . in java.io.BufferedOutputStream
| 140 | flush in ''
| 191 | flush . . . . . . . . . in org.apache.commons.httpclient.ChunkedOutputStream
| 99 | flush in com.ctc.wstx.io.UTF8Writer
| 214 | flush . . . . . . . . . in com.ctc.wstx.sw.BufferingXmlWriter
| 311 | flush in com.ctc.wstx.sw.BaseStreamWriter
| 50 | flush . . . . . . . . . in org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper
| 230 | flush in org.apache.axiom.om.impl.MTOMXMLStreamWriter
| 91 | serialize . . . . . . . in org.apache.axis2.databinding.ADBDataSource
| 638 | internalSerialize in org.apache.axiom.om.impl.llom.OMSourcedElementImpl
| 563 | serializeChildren . . . in org.apache.axiom.om.impl.util.OMSerializerUtil
| 846 | internalSerialize in org.apache.axiom.om.impl.llom.OMElementImpl
| 267 | serializeInternally . . in org.apache.axiom.soap.impl.llom.SOAPEnvelopeImpl
| 229 | internalSerialize in ''
| 188 | serializeAndConsume . . in org.apache.axiom.om.impl.llom.OMSerializableImpl
| 74 | writeTo in org.apache.axis2.transport.http.SOAPMessageFormatter
| 84 | writeRequest . . . . . in org.apache.axis2.transport.http.AxisRequestEntity
| 499 | writeRequestBody in org.apache.commons.httpclient.methods.EntityEnclosingMethod
| 2114 | writeRequest . . . . . in org.apache.commons.httpclient.HttpMethodBase
| 1096 | execute in ''
| 398 | executeWithRetry . . . in org.apache.commons.httpclient.HttpMethodDirector
| 171 | executeMethod in ''
| 397 | executeMethod . . . . . in org.apache.commons.httpclient.HttpClient
| 621 | executeMethod in org.apache.axis2.transport.http.AbstractHTTPSender
| 193 | sendViaPost . . . . . . in org.apache.axis2.transport.http.HTTPSender
| 75 | send in ''
| 404 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
| 231 | invoke in ''
| 443 | send . . . . . . . . . in org.apache.axis2.engine.AxisEngine
| 406 | send in org.apache.axis2.description.OutInAxisOperationClient
| 229 | executeImpl . . . . . . in ''
| 165 | execute in org.apache.axis2.client.OperationClient
| 3916 | login . . . . . . . . . in com.zuora.api.ZuoraServiceStub
| 51 | ___init___ in com.zuora.zortal.util.ZApi$$EPbnSoym
| 48 | <init> . . . . . . . . in com.zuora.zortal.repository.ZuoraRepository
| 40 | login in saaseiportal.unauthorized.LoginController
| 195 | doFilter . . . . . . . in grails.plugin.cache.web.filter.PageFragmentCachingFilter
| 63 | doFilter in grails.plugin.cache.web.filter.AbstractFilter
| 1145 | runWorker . . . . . . . in java.util.concurrent.ThreadPoolExecutor
| 615 | run in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run . . . . . . . . . . in java.lang.Thread
我怀疑grails中的某个地方实际上正在清除我的设置。在产生异常的登录调用之前,我添加了一个日志调用
java -Dhttps.protocols=TLSv1.1 SampleHttpTest
它只记录一个空值。在我尝试登录之前立即设置该属性没有任何效果,可能是因为它在应用程序的生命中已经太晚了(某些工厂已经创建或者其他东西)。
我实际上是一个grails新手,所以将应用程序升级到grails 2.5和java 8实际上是一个相当令人生畏的前景。我希望有人可以指出一些简单的东西:
&#34;在这里,grails允许您在运行任何其他Java代码之前设置系统属性&#34; 要么 &#34;这里的grails设置了一堆默认设置,你应该检查那里的值&#34; 要么 &#34;它可能是需要清除/摆弄这些设置的身份验证插件(或其他东西)&#34;
提前感谢您的帮助!!
答案 0 :(得分:1)
它可能是分叉模式。要将JVM参数传递给分叉Java,您必须稍微更改BuildConfig.groovy:
grails.project.fork = [
...
run : [maxMemory: 1280, minMemory: 128, debug: false, maxPerm: 256, forkReserve: true, jvmArgs: ['-Dhttps.protocols=TLSv1.1']],
...
]
但它也可能是别的东西。