堆栈内存溢出
  简体   繁体   English

如何使用ALPN在Jetty SPDY上使用客户端证书?

[英]How to work with client certificates on Jetty SPDY with ALPN?

 原文  2014-09-22 10:44:14       java/ ssl/ jetty/ spdy/ alpn

问题描述

I have problem with client certifiacates when I use SPDY with Jetty. 当我将SPDY与Jetty一起使用时,客户端证书存在问题。

It works when I work with NPN and start Jetty SPDY server with: 当我使用NPN并使用以下命令启动Jetty SPDY服务器时,它可以工作: 

SSLconnector = new HTTPSPDYServerConnector(server, sslContextFactory);

As a baseRequest.getHttpChannel() it uses org.eclipse.jetty.spdy.server.http.HttpChannelOverSPDY and I can read SSL properties like SSL_SESSION_ID and client certificates with code like: 作为baseRequest.getHttpChannel()它使用org.eclipse.jetty.spdy.server.http.HttpChannelOverSPDY ,我可以使用以下代码读取SSL_SESSION_ID类的SSL属性和客户端证书: 

// ... HttpServletRequest request
java.security.cert.X509Certificate client_certs[] = (java.security.cert.X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");

But NPN is not an option in Java8 (see my question How to run Jetty with SPDY using ALPN? ). 但是NPN在Java8中不是一个选项(请参阅我的问题如何使用ALPN在SPDY上运行Jetty? )。 In Java8 I have to use ALPN protocol like: 在Java8中,我必须使用ALPN协议,例如: 

sslContextFactory.setWantClientAuth(w3srv_config.want_client_auth);
// ...
HttpConfiguration httpConfig = new HttpConfiguration();

SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, "alpn");
ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory("spdy/3", "http/1.1");
alpn.setDefaultProtocol("http/1.1");
HTTPSPDYServerConnectionFactory spdy = new HTTPSPDYServerConnectionFactory(SPDY.V3, httpConfig);
HttpConnectionFactory http = new HttpConnectionFactory(httpConfig);

SSLconnector = new ServerConnector(server, new ConnectionFactory[]{ssl, alpn, spdy, http});
//...

With this code I got null when I want to get any SSL related javax.servlet.request.* . 使用此代码,当我想要获取任何与SSL相关的javax.servlet.request.*时,我将获得null Its baseRequest.getHttpChannel() is org.eclipse.jetty.server.HttpConnection$HttpChannelOverHttp . 它的baseRequest.getHttpChannel()org.eclipse.jetty.server.HttpConnection$HttpChannelOverHttp

What I have to change to work with client certificates? 使用客户端证书时,我需要更改什么?

1 个解决方案

解决方案1
 1 已采纳  2014-09-22 11:59:09

The javax.servlet.request.* properties you are looking for are set by Jetty's SecureRequestCustomizer , which you need to add to the httpConfig object you create in your code example above. 您要查找的javax.servlet.request.*属性是由Jetty的SecureRequestCustomizer设置的,您需要将其添加到在上面的代码示例中创建的httpConfig对象中。

I am guessing that your NPN configuration is slightly different, or you use some utility method in Jetty that does this for you with NPN but not with ALPN. 我猜您的NPN配置略有不同,或者您在Jetty中使用了一些实用程序方法,该方法可以通过NPN而不是ALPN为您完成此操作。

Just doing: 只是做: 

HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.addCustomizer(new SecureRequestCustomizer());

should be enough to fix your issue. 应该足以解决您的问题。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用ALPN在SPDY上运行Jetty? - How to run Jetty with SPDY using ALPN? 带有客户证书的嵌入式Jetty - Embedded Jetty with client certificates 如何在JDK8上使用SPDY运行Jetty? - How to run Jetty with SPDY on JDK8? 如何让NodeJS代理Jetty Proxy之类的客户端证书 - How to get NodeJS to proxy Client Certificates like Jetty Proxy 带码头的SPDY“ Hello服务器” - SPDY “Hello server” with Jetty 码头:可以使用SPDY / 3.1吗? - Jetty: is it possible to use SPDY/3.1? ClassNotFoundException: org/eclipse/jetty/alpn/ALPN,但我可以访问这个类 - ClassNotFoundException: org/eclipse/jetty/alpn/ALPN, but I have access to this class java.lang.ClassNotFoundException:org / eclipse / jetty / alpn / ALPN - java.lang.ClassNotFoundException: org/eclipse/jetty/alpn/ALPN ALPN回调被删除:SPDY和HTTP / 2被禁用。 在引导类路径上是alpn-boot吗? - ALPN callback dropped: SPDY and HTTP/2 are disabled. Is alpn-boot on the boot class path? 如何将Jetty与Let的加密证书一起使用? - How to use Jetty with Let's Encrypt certificates?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM