Webapp with CLIENT-CERT authentication method
Source: Baidu Wenku  Editor: Shenma Wenxue Wang  Time: 2024/05/23 18:47:46
The first prerequisite is that Tomcat runs over an SSL channel. Or you will get
Another prerequisite is to configure the SSL port of Tomcat for mutual authentication. That way the UA will present your certificate to the server.
You will get this if no client certificate is provided.
The third prerequisite is that the client must trust the server's certificate and vice versa. Firefox will raise this alert window if your certificate is not trusted by the server.
The web.xml of the web app is,
ProtectedServlet
/ProtectedByClientCert
members
Resource protected by clientcert
/ProtectedByClientCert
members
CLIENT-CERT
Client Cert Users-only Area
Please pay attention to the. It constrains the allowed users to the role of members. So you also need to add user names to tomcat-users.xml. But what is the user name? In other authentication methods, users are given the chance to enter their name when accessing the protected resources. In the CLIENT-CERT method, there is no chance to let users do that. The certificate is the only credential the user presents, so you should use information contained in the certificate as the user name. Solely using the value of the CN field won't work. Imagine a situation where two Johns belong to different organizational units. How would Tomcat distinguish these two by the CN? So the correct value to set in tomcat-users.xml is the DN of the user. Below is an example file.
Remember, only putting "clientbrowser" in the username field won't work!!
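How the role named in web.xml and the user entry in tomcat-users.xml fit together, as an added example that is not the original post's listing. The web.xml part uses the standard Servlet descriptor elements filled with the values that survive above (which element each of the first three values belonged to is an assumption), and the DNs in tomcat-users.xml are constructed sample values.

```xml
<!-- WEB-INF/web.xml (fragment). Element placement is an assumption; the
     values are the ones in the page's listing. -->
<servlet-mapping>
  <servlet-name>ProtectedServlet</servlet-name>
  <url-pattern>/ProtectedByClientCert</url-pattern>
</servlet-mapping>
<security-role>
  <role-name>members</role-name>
</security-role>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Resource protected by clientcert</web-resource-name>
    <url-pattern>/ProtectedByClientCert</url-pattern>
  </web-resource-collection>
  <!-- Only principals mapped to this role pass the constraint. -->
  <auth-constraint>
    <role-name>members</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>Client Cert Users-only Area</realm-name>
</login-config>

<!-- conf/tomcat-users.xml. The username is the certificate's full subject
     DN; the password is not consulted for a CLIENT-CERT login.
     Both DNs are constructed sample values. -->
<tomcat-users>
  <role rolename="members"/>
  <!-- Does not match any certificate: a bare CN is not the DN.
  <user username="clientbrowser" password="null" roles="members"/>
  -->
  <user username="CN=clientbrowser, OU=Engineering, O=Example Corp, L=Springfield, ST=Example, C=US"
        password="null" roles="members"/>
  <!-- John in Engineering gets the role; a John in another OU has a
       different DN, matches no entry, and is refused. -->
  <user username="CN=John, OU=Engineering, O=Example Corp, L=Springfield, ST=Example, C=US"
        password="null" roles="members"/>
</tomcat-users>
```

The realm looks the user up by exact string, so separators and attribute order must match the certificate; the `Owner:` line printed by `keytool -printcert -file <cert>` shows the DN in this comma-space form.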
The connector configuration for this example is,
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="/root/tomcat.keystore.jks" keystorePass="changeit"
debug="9"
/>
One question:
If the client owns more than one certificate, how does the UA send the server the proper certificate?
A quick guess is that the UA may send all certificates that the client owns to the server to let the server choose one among them.