WildFly 9 enable client certificate authentication
I want to enable client certificate authentication on my web app running on a WildFly 9 server.
For that, I configured my application with the following elements:
I created a server keystore and a client keystore. From them, I exported a self-signed certificate which I included in my server truststore.
My standalone.xml file contains these parts:
...
<management>
    <security-realms>
        <security-realm name="my-realm">
            <server-identities>
                <ssl>
                    <keystore path="server.keystore" relative-to="jboss.server.config.dir" keystore-password="password"/>
                </ssl>
            </server-identities>
            <authentication>
                <jaas name="my-domain"/>
            </authentication>
        </security-realm>
    </security-realms>
</management>
...
<subsystem xmlns="urn:jboss:domain:security:1.2">
    <security-domains>
        <security-domain name="my-domain" cache-type="default">
            <authentication>
                <login-module code="Remoting" flag="optional">
                    <module-option name="password-stacking" value="useFirstPass"/>
                </login-module>
                <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                    <module-option name="usersProperties" value="${jboss.server.config.dir}/app-users.properties"/>
                    <module-option name="rolesProperties" value="${jboss.server.config.dir}/app-roles.properties"/>
                    <module-option name="password-stacking" value="useFirstPass"/>
                </login-module>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>
...
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="https" socket-binding="https" security-realm="my-realm"/>
        <host name="default-host" alias="localhost">
            <location name="/" handler="welcome-content"/>
            <filter-ref name="server-header"/>
            <filter-ref name="x-powered-by-header"/>
        </host>
    </server>
    <servlet-container name="default">
        <jsp-config/>
        <websockets/>
    </servlet-container>
    <handlers>
        <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
    </handlers>
    <filters>
        <response-header name="server-header" header-name="Server" header-value="WildFly/9"/>
        <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
    </filters>
</subsystem>
...
My web.xml file contains this:
...
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin Resource</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
...
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>my-realm</realm-name>
</login-config>
<security-role>
    <role-name>my-role</role-name>
</security-role>
...
My jboss-web.xml contains:
<security-domain>my-domain</security-domain>
I also added the following arguments on my JDK:
-Djavax.net.debug=ssl:handshake
-Djavax.net.ssl.trustStore=[WILDFLY_HOME]\\standalone\\configuration\\server.truststore
-Djavax.net.ssl.trustStorePassword=password
Then I tried to access my web application using a web browser at the URL http://localhost:8080/my-app-web/.
I am redirected to https://localhost:8443/my-app-web/ and I can reach the content of the page even if the browser does not contain the client certificate.
Can you tell me what is wrong with my configuration?
You need a Certificate login module in your security domain.
Have a look at this quickstart for more details.
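An added example, not part of the original question or answer and not taken from the quickstart: the question's fragments with the pieces a CLIENT-CERT setup on WildFly 9 needs. It goes beyond the answer's login module to the realm truststore, the listener's verify-client attribute and a web.xml auth-constraint. The truststore file name and password reuse the values from the JVM arguments in the question; the login-module options and the roles file keyed by the certificate's subject DN are assumptions based on PicketBox's certificate login modules.

```xml
<!-- standalone.xml, security realm: add the truststore holding the trusted client certificate -->
<security-realm name="my-realm">
    <server-identities>
        <ssl>
            <keystore path="server.keystore" relative-to="jboss.server.config.dir" keystore-password="password"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="server.truststore" relative-to="jboss.server.config.dir" keystore-password="password"/>
    </authentication>
</security-realm>

<!-- standalone.xml, security subsystem: a certificate login module instead of the password-based ones.
     Assumption: app-roles.properties maps the certificate subject DN to my-role. -->
<security-domain name="my-domain" cache-type="default">
    <authentication>
        <login-module code="CertificateRoles" flag="required">
            <module-option name="securityDomain" value="my-domain"/>
            <!-- Accepts the certificate that the TLS layer already validated against the truststore -->
            <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/>
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/app-roles.properties"/>
        </login-module>
    </authentication>
    <jsse truststore-url="file:${jboss.server.config.dir}/server.truststore" truststore-password="password" client-auth="true"/>
</security-domain>

<!-- standalone.xml, undertow subsystem: REQUIRED fails the handshake when no trusted client certificate is sent -->
<https-listener name="https" socket-binding="https" security-realm="my-realm" verify-client="REQUIRED"/>

<!-- web.xml: without an auth-constraint the container never authenticates the request,
     so CLIENT-CERT in login-config is not triggered -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin Resource</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>my-role</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```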