spring-projects / spring-data-mongodb

Provides support to increase developer productivity in Java when using MongoDB. Uses familiar Spring concepts such as template classes for core API usage and lightweight repository-style data access.
https://spring.io/projects/spring-data-mongodb/
Apache License 2.0

issue with connecting to reactive mongodb #4748

Closed lukaszgendek closed 3 months ago

lukaszgendek commented 3 months ago

With docker-compose I've created two modules

however, when connecting I can see the error in the logs.

You can reproduce it by unpacking the attachment and running `docker-compose up --build`. And here's what we get:

```
demo_1 | 2024-07-19T07:48:49.421Z INFO 1 --- [demo] [}-mongodb:27017] org.mongodb.driver.cluster : Exception in monitor thread while connecting to server mongodb:27017
demo_1 |
demo_1 | com.mongodb.MongoSocketWriteException: Exception sending message
demo_1 |     at com.mongodb.internal.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:691) ~[mongodb-driver-core-5.0.1.jar!/:na]
demo_1 |     at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:564) ~[mongodb-driver-core-5.0.1.jar!/:na]
demo_1 |     at com.mongodb.internal.connection.InternalStreamConnection.sendCommandMessage(InternalStreamConnection.java:396) ~[mongodb-driver-core-5.0.1.jar!/:na]
demo_1 |     at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:346) ~[mongodb-driver-core-5.0.1.jar!/:na]
demo_1 |     at com.mongodb.internal.connection.CommandHelper.sendAndReceive(CommandHelper.java:92) ~[mongodb-driver-core-5.0.1.jar!/:na]
demo_1 |     at com.mongodb.internal.connection.CommandHelper.executeCommand(CommandHelper.java:48) ~[mongodb-driver-core-5.0.1.jar!/:na]
demo_1 |     at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:130) ~[mongodb-driver-core-5.0.1.jar!/:na]
demo_1 |     at com.mongodb.internal.connection.InternalStreamConnectionInitializer.startHandshake(InternalStreamConnectionInitializer.java:78) ~[mongodb-driver-core-5.0.1.jar!/:na]
demo_1 |     at com.mongodb.internal.connection.InternalStreamConnection.open(InternalStreamConnection.java:203) ~[mongodb-driver-core-5.0.1.jar!/:na]
demo_1 |     at com.mongodb.internal.connection.DefaultServerMonitor$ServerMonitorRunnable.lookupServerDescription(DefaultServerMonitor.java:193) ~[mongodb-driver-core-5.0.1.jar!/:na]
demo_1 |     at com.mongodb.internal.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:153) ~[mongodb-driver-core-5.0.1.jar!/:na]
demo_1 |     at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]
demo_1 | Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
demo_1 |     at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[na:na]
demo_1 |     at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[na:na]
demo_1 |     at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1649) ~[netty-handler-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1495) ~[netty-handler-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1336) ~[netty-handler-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1385) ~[netty-handler-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530) ~[netty-codec-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469) ~[netty-codec-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[netty-codec-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1407) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:918) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:994) ~[netty-common-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[netty-common-4.1.111.Final.jar!/:4.1.111.Final]
demo_1 |     ... 1 common frames omitted
demo_1 | Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
demo_1 |     at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[na:na]
demo_1 |     at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[na:na]
demo_1 |     at java.base/sun.security.validator.Validator.validate(Validator.java:264) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[na:na]
demo_1 |     at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632) ~[na:na]
demo_1 |     ... 31 common frames omitted
demo_1 | Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
demo_1 |     at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:na]
demo_1 |     at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:na]
demo_1 |     at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[na:na]
demo_1 |     at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[na:na]
demo_1 |     ... 36 common frames omitted
demo_1 |
```

lukaszgendek commented 3 months ago

mongo_reactive_issue.zip

christophstrobl commented 3 months ago

This does not seem to be a problem with spring-data-mongodb but the underlying client. Have you tried if it works as expected just using the reactive MongoClient without any of the spring bits?

mp911de commented 3 months ago

`PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target` indicates that the server uses a certificate that isn't in your trust store. Please fix your SSL configuration, as @christophstrobl mentioned, possibly by configuring the `MongoClient` directly with an appropriate trust store.
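
One way to configure the reactive `MongoClient` directly with a trust store, as suggested in the comment above (an added example, not code from this issue or from the project). The trust store path and password are placeholders and the class name is hypothetical; the `ping` check assumes Project Reactor is on the classpath.

```java
import com.mongodb.ConnectionString;
import com.mongodb.MongoClientSettings;
import com.mongodb.reactivestreams.client.MongoClient;
import com.mongodb.reactivestreams.client.MongoClients;
import org.bson.Document;
import reactor.core.publisher.Mono;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;

public final class TrustStoreMongoClient { // hypothetical class name

    // Build an SSLContext whose trust anchors are the certificates in the given PKCS#12 store.
    static SSLContext sslContextFrom(Path trustStore, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(trustStore)) {
            ks.load(in, password);
        }
        if (ks.size() == 0) { // fail early: a store without entries cannot validate any server
            throw new IllegalStateException("No certificates in trust store " + trustStore);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key material, default SecureRandom
        return ctx;
    }

    // Hand the context to the driver; certificate and host name validation stay enabled.
    static MongoClient create(String uri, SSLContext ctx) {
        MongoClientSettings settings = MongoClientSettings.builder()
                .applyConnectionString(new ConnectionString(uri))
                .applyToSslSettings(ssl -> ssl.enabled(true).context(ctx))
                .build();
        return MongoClients.create(settings);
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path and password (assumptions); host and port are taken from the log above.
        SSLContext ctx = sslContextFrom(Path.of("/path/to/truststore.p12"), "changeit".toCharArray());
        try (MongoClient client = create("mongodb://mongodb:27017", ctx)) {
            Document reply = Mono.from(client.getDatabase("admin").runCommand(new Document("ping", 1))).block();
            System.out.println("ping reply: " + reply);
        }
    }
}
```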

lukaszgendek commented 3 months ago

> indicates that the server uses a certificate that isn't in your trust store.

But you can see that the certificate is there. You can also notice that initially the connection is successful, but there is an error in the monitoring thread later.