通过Java应用程序使用Apache进行证书认证和授权
[英]Certificate Authentication and Authorization with Apache from a Java Application
问题描述
I have an Apache server that handles authentication and authorization before forwarding requests to a second server. 
我有一个Apache服务器,它在将请求转发到第二台服务器之前处理身份验证和授权。
Users accessing the server from a browser are authenticating with LDAP and the authorization checks to see that username is present within a defined file. 从浏览器访问服务器的用户正在使用LDAP进行身份验证,并且授权会检查已定义文件中是否存在用户名。
I also have a Java application that can access the server (at a different endpoint), which currently hardcodes a username and a password into a request URL and leverages Basic Authentication over SSL. 我还有一个Java应用程序,可以访问服务器(在另一个端点),该应用程序当前将用户名和密码硬编码到请求URL中,并利用SSL上的基本身份验证。
Rather than use Basic Authentication, is it possible to configure Apache to accept a keystore/truststore from the Java application and authenticate/authorize on the certificate's CN and a password? 除了使用基本身份验证之外,还可以将Apache配置为从Java应用程序接受密钥库/信任库,并在证书的CN和密码上进行身份验证/授权吗? If so, can anyone cite an example? 如果是这样,有人可以举一个例子吗?
1 个解决方案
解决方案1
0 已采纳 2015-10-23 18:59:32
You can configure Apache to request client certificate authentication and use +FakeBasicAuth SSLOption in order to preserve compatibility with your current setup. 您可以将Apache配置为请求客户端证书认证,并使用+FakeBasicAuth SSLOption来保持与当前设置的兼容性。
If the Java application can be restrained to certain URLs then you can require certificate authentication, otherwise make it optional as you do not want your other clients to have to authenticate with certificates. 如果可以将Java应用程序限制为某些URL,则可以要求证书身份验证,否则将其设为可选,因为您不希望其他客户端必须使用证书进行身份验证。
There are good examples of this in the SSL/TLS - How-To in the Apache documentation. Apache文档的SSL / TLS-How-To中提供了很好的示例。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.