Unable to connect Java Spring Boot application to Amazon Keyspaces


I'm trying to connect my Java Spring Boot application to my AWS Keyspaces keyspace. I've followed Amazon's docs on how to set up and configure this connection using the DataStax Java Driver for Apache Cassandra (https://docs.aws.amazon.com/keyspaces/latest/devguide/using_java_driver.html). I've also looked at the following:

  1. Unsupported partitioner with Amazon Keyspaces (for Apache Cassandra)
  2. Connect to AWS keyspaces with Spring reactive data autoconfiguration
  3. https://docs.spring.io/spring-data/cassandra/docs/3.2.0/reference/html/#cassandra.connectors

Here is the error I'm receiving:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'cassandraSession' defined in class path resource [com/envase/connect/config/CassandraSetup.class]: Invocation of init method failed; nested exception is com.datastax.oss.driver.api.core.AllNodesFailedException: Could not reach any contact point, make sure you've provided valid addresses (showing first 1 nodes, use getAllErrors() for more): Node(endPoint=cassandra.us-east-2.amazonaws.com:9142, hostId=null, hashCode=3fcfeaa9): [com.datastax.oss.driver.api.core.DriverTimeoutException: [s5|control|id: 0x19776100, L:/192.168.1.105:53683 - R:cassandra.us-east-2.amazonaws.com/3.12.23.181:9142] Protocol initialization request, step 1 (OPTIONS): timed out after 5000 ms]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1786) ~[spring-beans-5.3.6.jar:5.3.6]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:602) ~[spring-beans-5.3.6.jar:5.3.6]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:524) ~[spring-beans-5.3.6.jar:5.3.6]
    at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335) ~[spring-beans-5.3.6.jar:5.3.6]
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-5.3.6.jar:5.3.6]
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333) ~[spring-beans-5.3.6.jar:5.3.6]
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208) ~[spring-beans-5.3.6.jar:5.3.6]
    at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276) ~[spring-beans-5.3.6.jar:5.3.6]
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1380) ~[spring-beans-5.3.6.jar:5.3.6]
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1300) ~[spring-beans-5.3.6.jar:5.3.6]
    at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:887) ~[spring-beans-5.3.6.jar:5.3.6]
    at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:791) ~[spring-beans-5.3.6.jar:5.3.6]
    ... 25 common frames omitted
Caused by: com.datastax.oss.driver.api.core.AllNodesFailedException: Could not reach any contact point, make sure you've provided valid addresses (showing first 1 nodes, use getAllErrors() for more): Node(endPoint=cassandra.us-east-2.amazonaws.com:9142, hostId=null, hashCode=3fcfeaa9): [com.datastax.oss.driver.api.core.DriverTimeoutException: [s5|control|id: 0x19776100, L:/192.168.1.105:53683 - R:cassandra.us-east-2.amazonaws.com/3.12.23.181:9142] Protocol initialization request, step 1 (OPTIONS): timed out after 5000 ms]
    at com.datastax.oss.driver.api.core.AllNodesFailedException.copy(AllNodesFailedException.java:141) ~[java-driver-core-4.8.0.jar:na]
    at com.datastax.oss.driver.internal.core.util.concurrent.CompletableFutures.getUninterruptibly(CompletableFutures.java:149) ~[java-driver-core-4.8.0.jar:na]
    at com.datastax.oss.driver.api.core.session.SessionBuilder.build(SessionBuilder.java:674) ~[java-driver-core-4.8.0.jar:na]
    at org.springframework.data.cassandra.config.CqlSessionFactoryBean.buildSystemSession(CqlSessionFactoryBean.java:498) ~[spring-data-cassandra-3.1.8.jar:3.1.8]
    at org.springframework.data.cassandra.config.CqlSessionFactoryBean.afterPropertiesSet(CqlSessionFactoryBean.java:451) ~[spring-data-cassandra-3.1.8.jar:3.1.8]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1845) ~[spring-beans-5.3.6.jar:5.3.6]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1782) ~[spring-beans-5.3.6.jar:5.3.6]
    ... 36 common frames omitted
    Suppressed: com.datastax.oss.driver.api.core.DriverTimeoutException: [s5|control|id: 0x19776100, L:/192.168.1.105:53683 - R:cassandra.us-east-2.amazonaws.com/3.12.23.181:9142] Protocol initialization request, step 1 (OPTIONS): timed out after 5000 ms
        at com.datastax.oss.driver.internal.core.channel.ChannelHandlerRequest.onTimeout(ChannelHandlerRequest.java:108) ~[java-driver-core-4.8.0.jar:na]

It also prints the following warning over and over until the above error is thrown:

2021-04-27 15:04:48.106 WARN 17664 --- [ s4-admin-0] c.d.o.d.internal.core.pool.ChannelPool : [s4|/3.12.23.155:9142] Error while opening new channel (ConnectionInitException: [s4|id: 0x0e9e0986, L:/192.168.1.105:53764 - R:3.12.23.155/3.12.23.155:9142] Protocol initialization request, step 1 (STARTUP {CQL_VERSION=3.0.0, DRIVER_NAME=DataStax Java driver for Apache Cassandra(R), DRIVER_VERSION=4.8.0, CLIENT_ID=f943143d-48b5-40ce-9d3c-f12123f3d687}): failed to send request (javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 3.12.23.155 found))

build.gradle:

plugins {
    id 'org.springframework.boot' version '2.4.5'
    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
    id 'java'
}

group = 'com.envase.connect'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '11'

repositories {
    mavenCentral()
}

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-actuator'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation group: 'com.datastax.oss', name: 'java-driver-core', version: '4.8.0'
    implementation group: 'com.datastax.oss', name: 'java-driver-query-builder', version: '4.8.0'
    implementation group: 'com.datastax.oss', name: 'java-driver-mapper-runtime', version: '4.8.0'
    implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-cassandra-reactive', version: '2.4.5'
}

I've also tried versions 4.9.0 and 4.11.0 for the com.datastax.oss dependencies.

application.conf

datastax-java-driver {
     basic.contact-points = ["cassandra.us-east-2.amazonaws.com:9142"]
     advanced.auth-provider {
         class = PlainTextAuthProvider
         username = "******"
         password = "******"
     }
     basic.load-balancing-policy {
         local-datacenter = "us-east-2"
     }
     advanced.connection {
         timeout = 30 seconds
         connect-timeout = 30 seconds
         init-query-timeout = 30 seconds
      }

     advanced.metadata {
         schema.enabled = "false"
         token-map.enabled = "false"
     }

     advanced.ssl-engine-factory {
         class = DefaultSslEngineFactory
         cipher-suites = [ "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA" ]
         truststore-path = "./src/main/resources/cassandra_truststore.jks"
         truststore-password = "****"
     }
 }

cassandra config class:

import com.datastax.oss.driver.api.core.CqlSession;
import com.datastax.oss.driver.api.core.config.DriverConfigLoader;
import com.datastax.oss.driver.internal.core.config.typesafe.DefaultDriverConfigLoader;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.cassandra.config.AbstractReactiveCassandraConfiguration;
import org.springframework.data.cassandra.config.SchemaAction;
import org.springframework.data.cassandra.repository.config.EnableReactiveCassandraRepositories;

@Configuration
@EnableReactiveCassandraRepositories
public class CassandraSetup extends AbstractReactiveCassandraConfiguration {


  @Value("${cassandra.contact-points}")
  private String contactPoints;

  @Value("${cassandra.port}")
  private int port;

  @Value("${cassandra.keyspace}")
  private String keyspace;

  @Value("${cassandra.data.local-datacenter}")
  private String dataCenter;

  @Override
  protected String getKeyspaceName() {
    return keyspace;
  }

  @Override
  protected String getContactPoints() {
    return contactPoints;
  }

  @Override
  protected int getPort() {
    return port;
  }

  @Override
  public SchemaAction getSchemaAction() {
    return SchemaAction.NONE;
  }

  @Override
  protected CqlSession getRequiredSession() {
    DriverConfigLoader loader = DriverConfigLoader.fromClasspath("application.conf");
    return CqlSession.builder().withConfigLoader(loader).withLocalDatacenter(dataCenter).build();
  }
}

I've continued to get the same error no matter what I try. Any and all help would be greatly appreciated.


There are 3 best solutions below

0
On

The issue looks related to the certificate you are using the certificat

This is the clue:

"javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 3.12.23.15"

Check this out: Java CertificateException "No subject alternative names matching IP address ... found"

0
On

The error message from AWS Keyspaces is misleading for timeout. The real problem is that the driver's ssl-engine-factory is configured to the default value - none. See: https://docs.datastax.com/en/developer/java-driver/4.13/manual/core/ssl/

When the Spring configuration class AbstractReactiveCassandraConfiguration is used, the DataStax configuration's standard behavior is overwritten and does not work.

The method getSessionBuilderConfigurerWrapper from the AbstractSessionConfiguration class (extended by AbstractReactiveCassandraConfiguration) defines the driver's typesafe configuration only from defaultOverrides (which are system properties) and defaultReference (which is the "reference.conf").

Therefore, in order to apply your configuration, you should override getDriverConfigurationResource from the AbstractSessionConfiguration class and return your configuration file as a Resource.
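
The override described in the answer above, written out as an added example that is not part of the original answer or of Spring Data's own code. It reuses the question's class and property names and assumes `application.conf` sits at the classpath root; the question's `getRequiredSession()` override is dropped so that Spring builds the session itself.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.data.cassandra.config.AbstractReactiveCassandraConfiguration;
import org.springframework.data.cassandra.config.SchemaAction;
import org.springframework.data.cassandra.repository.config.EnableReactiveCassandraRepositories;

@Configuration
@EnableReactiveCassandraRepositories
public class CassandraSetup extends AbstractReactiveCassandraConfiguration {

  // Property names are the ones used in the question.
  @Value("${cassandra.keyspace}")
  private String keyspace;

  @Value("${cassandra.contact-points}")
  private String contactPoints;

  @Value("${cassandra.port}")
  private int port;

  @Value("${cassandra.data.local-datacenter}")
  private String dataCenter;

  @Override protected String getKeyspaceName() { return keyspace; }
  @Override protected String getContactPoints() { return contactPoints; }
  @Override protected int getPort() { return port; }
  @Override protected String getLocalDataCenter() { return dataCenter; }
  @Override public SchemaAction getSchemaAction() { return SchemaAction.NONE; }

  // Hand the driver file to Spring Data so the auth-provider and
  // ssl-engine-factory blocks in application.conf are applied to the
  // session Spring creates, instead of only reference.conf defaults.
  // Assumption: application.conf is at the root of the classpath.
  @Override
  protected Resource getDriverConfigurationResource() {
    return new ClassPathResource("application.conf");
  }
}
```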

0
On

This error occurred because there is no direct way for a Spring application to connect to AWS Keyspaces with SSL. To solve this problem, you need to customize the SSL context and provide it to the library. I am attaching a code snippet for creating a custom SSL context.

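  // Imports needed by this snippet:
  // import java.io.InputStream;
  // import java.nio.file.Files;
  // import java.nio.file.Paths;
  // import java.security.KeyStore;
  // import javax.net.ssl.SSLContext;
  // import javax.net.ssl.TrustManagerFactory;
  // import com.datastax.oss.driver.api.core.ssl.ProgrammaticSslEngineFactory;
  // import com.datastax.oss.driver.api.core.ssl.SslEngineFactory;
  // import org.springframework.context.annotation.Bean;
  // import org.springframework.data.cassandra.config.CqlSessionFactoryBean;

  @Bean
  public CqlSessionFactoryBean session() {
    CqlSessionFactoryBean session = new CqlSessionFactoryBean();
    session.setContactPoints(contactPoints);
    session.setKeyspaceName(keySpace);
    session.setPassword(password);
    session.setUsername(username);
    session.setLocalDatacenter(localDatacenter);
    session.setPort(port);
    session.setSessionBuilderConfigurer(
        sessionBuilder -> {
          try {
            SSLContext context = SSLContext.getInstance("SSL");
            TrustManagerFactory tmf = null;
            // Load the JKS truststore that holds the root certificate.
            try (InputStream tsf = Files.newInputStream(Paths.get(PATH_OF_TRUSTSTORE))) {
              KeyStore ts = KeyStore.getInstance("JKS");
              char[] ssm = PASSWORD_OF_TRUSTSTORE.toCharArray();
              ts.load(tsf, ssm);
              tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
              tmf.init(ts);
            }

            // SSLContext.init takes three arguments: key managers, trust managers, SecureRandom.
            context.init(null, tmf.getTrustManagers(), null);

            // Third argument is requireHostnameValidation: with false, the server
            // hostname is not checked against the certificate.
            SslEngineFactory sslEngineFactory =
                new ProgrammaticSslEngineFactory(context, null, false);
            sessionBuilder.withSslEngineFactory(sslEngineFactory);
            return sessionBuilder;
          } catch (Exception e) {
            throw new RuntimeException(e);
          }
        });
    return session;
  }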

In the above code, I have created a CqlSessionFactoryBean and provided a custom SSL context to SessionBuilderConfigurer, which performs the handshake with the help of SSL.

I created the truststore using the following commands:

curl https://certs.secureserver.net/repository/sf-class2-root.crt -O

openssl x509 -outform der -in sf-class2-root.crt -out temp_file.der

keytool -import -alias cassandra -keystore cassandra_truststore.jks -file temp_file.der

The last command asks for a password, which is the one used in the CqlSessionFactoryBean creation.