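I need help understanding the relationship between client certificate authentication and using a login service with embedded Jetty

Time: 2012-06-15 18:28:10

Tags: java jetty embedded-jetty client-certificates

I am using Jetty 7 in my Java web app project.

I have set up SSL, and the next step is to handle client certificate authentication. In web.xml I have specified: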

<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Test Realm</realm-name>
</login-config>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>EntireApp</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>allAuthenticated</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Here is the code from the startserver routine:

    SslSelectChannelConnector ssl_connector = new SslSelectChannelConnector();
    ssl_connector.setPort(Integer.valueOf(httpPort1));
    SslContextFactory cf = ssl_connector.getSslContextFactory();
    cf.setKeyStore(sslProperties.getKeyStore());
    cf.setKeyStorePassword(sslProperties.getKeyPassword());
    cf.setTrustStore(sslProperties.getTrustStore());
    cf.setTrustStorePassword(sslProperties.getTrustStorePassword());
    cf.setNeedClientAuth(true);

    server.setConnectors(new Connector[]{ connector0,  ssl_connector });

    WebAppContext context = new WebAppContext();
    context.setDescriptor("WebContent/WEB-INF/web.xml");
    context.setResourceBase("WebContent");
    context.setContextPath("/");
    context.setParentLoaderPriority(true);

    SecurityHandler secHandler = new ConstraintSecurityHandler();

    //Authenticator authenticator = new ClientCertAuthenticator();
    Authenticator authenticator = new DummyAuthenticator();


    // probably I need something different, but what?
    LoginService loginService = new HashLoginService("Test Realm", "d:/downloads/test.properties");

    secHandler.setRealmName("Test Realm");
    secHandler.setLoginService(loginService);

    secHandler.setAuthenticator(authenticator);

    context.setSecurityHandler(secHandler);

    server.setHandler(context);

    try {
        server.start();
        server.join();
    } catch (Exception e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

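My question is: what login service should I use together with ClientCertAuthenticator? Or, if that is not possible, what is the best way to implement my own (DummyAuthenticator)?

In the code above, the DummyAuthenticator I use implements the Authenticator interface, but the servletRequest in the validateRequest method always has an empty parameterMap, and I was expecting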

0 answers:

No answers
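
Added example, not part of the original question and not Jetty's own code: on a connector that requires client authentication, the Servlet specification exposes the verified certificate chain as the request attribute `javax.servlet.request.X509Certificate`, which a custom `Authenticator.validateRequest` can read and map to roles such as `allAuthenticated`. The class name `ClientCertIdentity` and the CN-to-role map are hypothetical.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.ServletRequest;

/** Hypothetical helper (not Jetty code): maps the TLS client certificate on a request to roles. */
public final class ClientCertIdentity {
    /** Attribute name defined by the Servlet specification for the client certificate chain. */
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    /** Assumed mapping from certificate CN to roles; back it with a real user store. */
    private final Map<String, List<String>> rolesByCn;

    public ClientCertIdentity(Map<String, List<String>> rolesByCn) {
        this.rolesByCn = rolesByCn;
    }

    /** Returns the caller's roles, or an empty list when no usable certificate is present. */
    public List<String> rolesFor(ServletRequest request) {
        Object attr = request.getAttribute(CERT_ATTR);
        if (!(attr instanceof X509Certificate[]) || ((X509Certificate[]) attr).length == 0) {
            return Collections.emptyList();   // plain HTTP connector, or no certificate was sent
        }
        X509Certificate leaf = ((X509Certificate[]) attr)[0];  // index 0 is the client's own cert
        try {
            leaf.checkValidity();  // validity period may have lapsed since the TLS handshake
            String cn = commonName(leaf.getSubjectX500Principal().getName());
            List<String> roles = (cn == null) ? null : rolesByCn.get(cn);
            return roles == null ? Collections.<String>emptyList() : roles;
        } catch (CertificateException | InvalidNameException e) {
            return Collections.emptyList();   // fail closed on expired or unparsable input
        }
    }

    /** Parses the RFC 2253 DN with LdapName; splitting on commas breaks on escaped values. */
    static String commonName(String dn) throws InvalidNameException {
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }
}
```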