fenixsoft / microservice_arch_springcloud Goto Github PK
View Code? Open in Web Editor NEW基于SpringCloud实现的微服务架构示例工程。《凤凰架构》的配套组件。
Home Page: https://icyfenix.cn
License: Apache License 2.0
基于SpringCloud实现的微服务架构示例工程。《凤凰架构》的配套组件。
Home Page: https://icyfenix.cn
License: Apache License 2.0
目前密码错误、校验token时用户不存在等情况抛出异常为信息格式是没有经过包装的,这样的异常如何被捕获并处理呢?
Hi, we are a research group to help developers build secure applications. We designed a cryptographic misuse detector on Java language(Our main concern is the secure implementation and use of Json Web Token). We found your great public repository (i.e., microservice_arch_springcloud from Github, and a security issue detected by our detector are shown in the following. The specific security issues we found are as follows:
(1) Location: Package: com.github.fenixsoft.bookstore.infrasturcture.security; Class: RSA256PublicJWTAccessToken.class
Security issue: not verify the public key certificate used to validate JWT signature.
We detected that the RSA256PublicJWTAccessToken method get public key from the certificate without any verification. An attacker may use the private key corresponding to a revoked or expired or self-signed public key certificate to forge a JWT. We recommend to verify the validity of certificates and certificate chains to improve system security.
We wish the above security issues cloud truly help you to build a secure application. If you have any concern or suggestion, please feel free to contact us, we are looking forwart to your reply. Thanks.
项目启动后 页面显示 接收到未处理的异常:
HTTP Code:401, 信息:[invalid_token] Cannot convert access token to JSON
2021-12-20 12:06:39.604 ERROR 1 --- [nfoReplicator-0] c.n.d.s.t.d.RedirectingEurekaHttpClient : Request execution error. endpoint=DefaultEndpoint{ serviceUrl='http://platform-registry:8761/eureka/}
platform-gateway_1 |
platform-gateway_1 | com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection refused (Connection refused)
platform-gateway_1 | at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:187) ~[jersey-apache-client4-1.19.1.jar!/:1.19.1]
platform-gateway_1 | at com.sun.jersey.api.client.filter.GZIPContentEncodingFilter.handle(GZIPContentEncodingFilter.java:123) ~[jersey-client-1.19.1.jar!/:1.19.1]
platform-gateway_1 | at com.netflix.discovery.EurekaIdentityHeaderFilter.handle(EurekaIdentityHeaderFilter.java:27) ~[eureka-client-1.9.17.jar!/:1.9.17]
platform-gateway_1 | at com.sun.jersey.api.client.Client.handle(Client.java:652) ~[jersey-client-1.19.1.jar!/:1.19.1]
platform-gateway_1 | at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682) ~[jersey-client-1.19.1.jar!/:1.19.1]
platform-gateway_1 | at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74) ~[jersey-client-1.19.1.jar!/:1.19.1]
platform-gateway_1 | at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:570) ~[jersey-client-1.19.1.jar!/:1.19.1]
Every docker container works fine and the front web can get all data functionally. Why this log seems eureka server didn't run properly.
如题
rt
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.