Java Manual Client Certificate Authentication

As part of a Java web app I'm looking to implement client authentication through a browser certificate. I have been able to locate information on how to generate and install the certificates on the client and server.

In terms of access, all the information I can find seems to be about configuring access to a particular path, e.g. www.mydomain.com/securearea, and letting the server handle access.

However, I want to implement custom behaviour depending on whether the user presents a valid client certificate or not, rather than a blanket access block. Essentially I want to be able to create a method like hasValidClientCertificate().

Unfortunately I'm unable to find any reference as to how I can programmatically check if the client has a valid certificate in Java. I'm using Tomcat. This isn't my strong area, so I would be very grateful for any tips or advice.

Many thanks for your time,

Paul

You need to perform a couple of steps.

1) Configure Tomcat to perform client certificate authentication (in server.xml):

<Connector port="8443" 
protocol="HTTP/1.1" 
SSLEnabled="true"          
maxThreads="150" 
minSpareThreads="25" 
maxSpareThreads="75"
enableLookups="false" 
disableUploadTimeout="true"
acceptCount="100" 
keyAlias="tomcat"
debug="0" 
scheme="https" 
secure="true"
clientAuth="want" 
sslProtocol="TLS" 
keystoreFile="server.keystore" keystorePass="changeit" 
truststoreFile="trust.keystore" truststorePass="changeit"/>

Clarification from http://tomcat.apache.org/tomcat-7.0-doc/config/http.html regarding the clientAuth attribute:

set to want if you want the SSL stack to request a client Certificate, but not fail if one isn't presented.

Please refer to the Tomcat SSL how-to for a better explanation of how to configure Tomcat for SSL: http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

2) Implement your hasValidClientCertificate() using the following code:

import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;

public boolean hasValidClientCertificate(HttpServletRequest request) {
    // Tomcat sets this attribute only after the TLS handshake verified the client chain against the truststore
    X509Certificate[] crts = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    return crts != null && crts.length > 0;
}

3) If you need to access the user certificate, use

X509Certificate userCert = crts[0];
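Putting the two steps of the answer together, here is an added example (not code from the answer above) of a servlet filter that performs the hasValidClientCertificate() check once per request and exposes the result to downstream servlets. It assumes the javax.servlet API that Tomcat 7 ships (Tomcat 10 and later use the jakarta.servlet package instead), and the filter class name and the "app.clientCert.*" attribute names are made up for the example. Beyond the answer's presence check it also handles the case the clientAuth="want" setting creates (no certificate at all) and re-checks the certificate's validity period as defence in depth.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;

// Hypothetical filter: runs on every request and records whether the caller
// presented a client certificate that Tomcat accepted during the TLS handshake.
@WebFilter("/*")
public class ClientCertFilter implements Filter {

    // Servlet-spec attribute under which Tomcat exposes the verified client chain.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Attribute names this filter sets for downstream servlets (assumed names).
    static final String HAS_CERT_ATTR = "app.clientCert.valid";
    static final String SUBJECT_ATTR = "app.clientCert.subject";

    /**
     * Returns the leaf certificate when the request arrived over TLS with a
     * client certificate that Tomcat verified against its truststore, or null.
     * With clientAuth="want" the attribute is simply absent for anonymous
     * callers, so the null check is what separates the two cases.
     */
    static X509Certificate clientCertificate(HttpServletRequest request) {
        Object attr = request.getAttribute(CERT_ATTR);
        if (!(attr instanceof X509Certificate[])) {
            return null;
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0) {
            return null;
        }
        X509Certificate leaf = chain[0];
        try {
            // Defence in depth: the handshake already checked the chain, but a
            // long-lived keep-alive connection can outlive the certificate.
            leaf.checkValidity();
        } catch (CertificateException e) {
            return null;
        }
        return leaf;
    }

    static boolean hasValidClientCertificate(HttpServletRequest request) {
        return clientCertificate(request) != null;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest request = (HttpServletRequest) req;
            X509Certificate cert = clientCertificate(request);
            request.setAttribute(HAS_CERT_ATTR, cert != null);
            if (cert != null) {
                // RFC 2253 form of the subject, suitable for mapping to an application user.
                request.setAttribute(SUBJECT_ATTR,
                        cert.getSubjectX500Principal().getName());
            }
        }
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig filterConfig) {}
    @Override public void destroy() {}
}
```

A servlet behind the filter then branches on request.getAttribute("app.clientCert.valid") and uses the subject DN for its own user lookup rather than trusting any header the client sent. Note that the attribute is only populated when Tomcat terminates TLS itself; if a reverse proxy terminates TLS in front of Tomcat, the attribute stays null unless the proxy forwards the certificate (for example over AJP), and every caller will look anonymous to this check.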
