我正在开发Web应用程序以实现基于证书的登录。 我正在使用tomcat 7,我已经配置了如下所示的http连接器,以及在我的项目web.xml上配置为CLIENT-CERT的auth方法
<Connector SSLEnabled="true" clientAuth="false" connectionTimeout="20000" crlFile="C:\\Users\\certcrl.crl" keystoreFile="C:\\Users\\tomcat.keystore" keystorePass="changeit" keystoreType="JKS" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS" truststoreFile="C:\\Users\\tomcat.truststore" truststorePass="changeit" truststoreType="JKS"/>
<security-constraint>
<display-name>SecurityFilter</display-name>
<web-resource-collection>
<web-resource-name>UCMSFilter</web-resource-name>
<url-pattern>/**</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>TRACE</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>UCMSFilter</realm-name>
</login-config>
当我配置clientAuth = true时,它工作正常,因为它忽略了web.xml配置,但是当我将其设置为 false 时,它会引发错误。
我想clientauth = false,因为我想在加载登录页面后提示用户输入证书。
当启动应用程序时,它会在我验证服务器证书后立即验证ssl证书,它会在出现错误时抛出该证书。
提示此客户端证书后,但当我选择该证书时,它会导致相同的异常套接字关闭。
java.net.SocketException: Socket Closed
at java.net.AbstractPlainSocketImpl.setOption(Unknown Source)
at java.net.PlainSocketImpl.setOption(Unknown Source)
at java.net.Socket.setSoTimeout(Unknown Source)
at sun.security.ssl.SSLSocketImpl.setSoTimeout(Unknown Source)
at org.apache.tomcat.util.net.jsse.JSSESupport.handShake(JSSESupport.java:204)
at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:153)
at org.apache.coyote.http11.Http11Processor.actionInternal(Http11Processor.java:344)
at org.apache.coyote.http11.AbstractHttp11Processor.action(AbstractHttp11Processor.java:849)
at org.apache.coyote.Request.action(Request.java:344)
at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:137)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:947)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
请帮助我。