
How to implement PKI certificate based authentication in Java Web application

I have a Servlets/JSP based traditional Java MVC web application on a Tomcat server, and I want to implement PKI certificate based authentication, in which the user doesn't have to provide login credentials. Here are the basic requirements:

  1. Admin issues the PKI certificate to the client,
  2. Admin sends the PKI certificate to the client and adds it to the PKI Cert Store,
  3. Client adds the certificate to the browser, and
  4. Whenever the client clicks on the Login button in the application, the application fetches the browser certificate and authenticates the client against the PKI Cert Store.

Please suggest how to proceed with this kind of requirement.

First you set up SSL/TLS at the Tomcat server level.

Then you use a security framework at the webapp level to enforce the SSL client certificate (X.509) authentication requirement on specific URL paths (or patterns thereof) such as the login URL. One such commonly used library which allows flexible configuration of client certificate authentication is Spring Security, with which you can use either an XML configuration file or Java annotations in your webapp to get what you want. On the documentation link about X.509 authentication, you also have the necessary SSL setup instructions for Tomcat.

You may find another way to do client certificate authentication natively in Tomcat using some configuration in the webapp deployment descriptor (web.xml) and in the Tomcat realm configuration (e.g. tomcat-users.xml), but it is quite tedious and far less flexible.
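As an added illustration of the Spring Security approach described in this answer (example code, not from the question, the answer or the Spring project), here is a Java configuration that requires an X.509 client certificate on the login path and authenticates the certificate subject against the "PKI Cert Store" from step 4. The class name, the `/login` path and the in-memory set of issued subject CNs are assumptions; it also assumes the Tomcat connector already demands and verifies client certificates against the issuing CA's truststore, as the first paragraph describes.

```java
import java.util.Set;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

@Configuration
@EnableWebSecurity
public class ClientCertSecurityConfig extends WebSecurityConfigurerAdapter {

    // Stand-in for the admin's "PKI Cert Store": subject CNs that have been issued a certificate.
    // Constructed sample data; a real deployment would look these up in a database or directory.
    private static final Set<String> ISSUED_SUBJECTS = Set.of("alice", "bob");

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Only the login URL demands an authenticated client; other paths stay open.
            .authorizeRequests()
                .antMatchers("/login").authenticated()
                .anyRequest().permitAll()
                .and()
            // Tomcat has already validated the chain against its truststore during the TLS
            // handshake; Spring extracts the subject CN and passes it to our lookup.
            .x509()
                .subjectPrincipalRegex("CN=(.*?)(?:,|$)")
                .userDetailsService(issuedSubjectLookup());
    }

    // Maps a certificate subject to an account; a valid certificate from our CA whose
    // subject is unknown to the store is still rejected.
    private UserDetailsService issuedSubjectLookup() {
        return cn -> {
            if (!ISSUED_SUBJECTS.contains(cn)) {
                throw new UsernameNotFoundException("No account for certificate subject " + cn);
            }
            // The password is irrelevant: possession of the private key was proven by TLS.
            return new User(cn, "", AuthorityUtils.createAuthorityList("ROLE_USER"));
        };
    }
}
```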
