I need help configuring GF3.1.2. I have made the following changes; please let me know if I am missing anything important, as after the changes it is NOT working. My id is niles.
Set Client Authentication: true in http-listener-2.
The login-config section is incomplete in your web.xml:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>certificate</realm-name>
</login-config>
The realm-name content must match the name attribute of the auth-realm element in domain.xml, which in your case is "certificate".
[updated]
In addition, the CA certificate must be imported into the server's truststore:
${com.sun.aas.instanceRoot}/config/cacerts.jks
Actually I tried on GlassFish 3.1.2 and it worked under the following conditions:
1. I have to use the same key (trust) store of jks type and in the same location. In order to talk with other certificate formats you have to convert them to a format jks can handle.
2. In glassfish-web.xml you should have a mapping like this:
<security-role-mapping>
<role-name>manager</role-name>
<group-name>authorized</group-name>
</security-role-mapping>
3. In the domain.xml file you should have the following:
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
<property name="assign-groups" value="authorized"></property>
</auth-realm>
Note: in web.xml the realm name has to match the one in the domain.xml file.
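As an added example (not part of the answers above, and not GlassFish code): a small Python check that the three descriptors agree, that is, the realm-name in web.xml names an auth-realm in domain.xml, and every role in an auth-constraint is mapped to a group that the realm's assign-groups property assigns. The sample descriptors, the security-constraint element and the function names are constructed for illustration; assign-groups is treated as a comma-separated list.

```python
import xml.etree.ElementTree as ET

def _all(root, name):
    # Match on local name so a namespaced web.xml works too.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _text(parent, name):
    found = _all(parent, name)
    return (found[0].text or "").strip() if found else None

def check_client_cert_config(web_xml, glassfish_web_xml, domain_xml):
    """Return a list of mismatches between the three descriptors."""
    web, gf, dom = (ET.fromstring(x) for x in (web_xml, glassfish_web_xml, domain_xml))
    problems = []
    if _text(web, "auth-method") != "CLIENT-CERT":
        problems.append("web.xml: auth-method is not CLIENT-CERT")
    realm = _text(web, "realm-name")
    realms = {r.get("name"): r for r in _all(dom, "auth-realm")}
    assigned = set()  # groups the certificate realm gives every authenticated client
    if realm not in realms:
        problems.append(f"web.xml realm-name {realm!r} has no auth-realm in domain.xml")
    else:
        for p in _all(realms[realm], "property"):
            if p.get("name") == "assign-groups":
                assigned |= {g.strip() for g in p.get("value", "").split(",") if g.strip()}
    mapped = {}  # role-name -> set of group-names from glassfish-web.xml
    for m in _all(gf, "security-role-mapping"):
        mapped.setdefault(_text(m, "role-name"), set()).update(
            (g.text or "").strip() for g in _all(m, "group-name"))
    for ac in _all(web, "auth-constraint"):
        for role in _all(ac, "role-name"):
            name = (role.text or "").strip()
            if not mapped.get(name, set()) & assigned:
                problems.append(f"role {name!r} is not mapped to a group the realm assigns")
    return problems

# Constructed sample descriptors, reduced to the elements the answers mention.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint><auth-constraint><role-name>manager</role-name></auth-constraint></security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method><realm-name>certificate</realm-name></login-config>
</web-app>"""
GF_WEB_XML = """<glassfish-web-app><security-role-mapping>
  <role-name>manager</role-name><group-name>authorized</group-name>
</security-role-mapping></glassfish-web-app>"""
DOMAIN_XML = """<domain><security-service><auth-realm name="certificate"
  classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm">
  <property name="assign-groups" value="authorized"/>
</auth-realm></security-service></domain>"""

print(check_client_cert_config(WEB_XML, GF_WEB_XML, DOMAIN_XML) or "consistent")
```

An empty result only means the names line up; the truststore contents and the listener's client-auth setting still have to be checked separately.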
When anyone tries this for the first time it will take time for them to understand. In simple words, both client and server trust-stores should trust each other's certificates. At first it is better to use self-signed certificates and exchange certificates between server and client. One can use the following article for help, which has simplified steps. Follow the article, then you can use your own methods and certificates, whichever you want.
http://www.slideshare.net/krizsan/scdjws-5-study-notes-3085287
SCDJWS 5, or nowadays known as Oracle Certified Professional, Java EE 5 Web Services Developer Study Notes by Ivan A Krizsan. Version: February 23, 2012