在Web服务调用getUserPrincipal()返回匿名 [英] Calling getUserPrincipal() in a Web Service returns ANONYMOUS
问题描述
大家好,我试图用我的web服务和客户端应用程序之间的平原SSL。它们都在GlassFish中2.1.1运行并各自在单独的域。客户端应用程序本身就是Web应用程序,我有添加JVM选项-Dcom.sun.enterprise.security.httpsOutboundKeyAlias =为s1as为了得到它发送它的证书到Web服务。
Hello everyone I'm trying to use plain SSL between my web service and a client application. They are both running in GlassFish 2.1.1 and are each in seperate domains. The client application is itself web application and I have add the JVM option -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as in order to get it to send it's certificate to the Web Services.
我已经做了证书导入到每个人的信任卖场和工作的。问题是,我需要做一些事情,在Web服务客户端证书,但调用我早些时候宣布总是返回匿名WebServiceContext的getUserPrincipal方法。
I've done the importing of the certificates into each others trust stores and it all works. The problem is that I need to do some things with the client certificate in the Web Service, but calling the getUserPrincipal method of the WebServiceContext that I declared earlier always returns ANONYMOUS.
为什么这样做的,我怎么能回去有什么证书中。
Why is it doing this and how can I get back what's in the certificate.
编辑:
我想我应该指出,我创建了一个CA和创建了是由CA对WS与客户签订新的私钥和证书。我的私有密钥添加到使用相同S1AS默认名称和新的签名证书以及CA证书他们的信任存储的密钥库。
edit: I guess I should mention that I created a CA and created new private keys and certificates which were signed by the CA for both the WS and the Client. I add the private keys to their keystores using the same S1AS default name and the new signed certificates plus the CA certificate to their trust stores.
我保护WS与web.xml中的以下规则:
I am protecting the WS with the following rule in web.xml:
<security-constraint>
<display-name>Constraint1</display-name>
<web-resource-collection>
<web-resource-name>Customer</web-resource-name>
<description/>
<url-pattern>/basecustomer*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>WSClient</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>certificate</realm-name>
</login-config>
<security-role>
<description/>
<role-name>WSClient</role-name>
</security-role>
在我的sun-web.xml中的以下内容:
And the following in my sun-web.xml:
<security-role-mapping>
<role-name>WSClient</role-name>
<group-name>WSClient</group-name>
</security-role-mapping>
终于在GlassFish中配置下 - >安全 - >国度 - >证书我告诉它分配组:WSClient
And finally in GlassFish under the Configuration -> Security -> Realms -> certificate I told it to Assign Group: WSClient
推荐答案
不能够解决这个问题,我要等待3.1的GlassFish由库马尔贾扬蒂这里介绍其中增加了更多的身份验证选项到证书后境界:
<一href=\"http://weblogs.java.net/blog/kumarjayanti/archive/2010/03/25/custom-authentication-client-certificate-mutual-ssl-scenarios-g\" rel=\"nofollow\">http://weblogs.java.net/blog/kumarjayanti/archive/2010/03/25/custom-authentication-client-certificate-mutual-ssl-scenarios-g
After not being able to resolve this issue, I'm going to wait for GlassFish 3.1 which adds more authentication options to the certificate realm as described by Kumar Jayanti here: http://weblogs.java.net/blog/kumarjayanti/archive/2010/03/25/custom-authentication-client-certificate-mutual-ssl-scenarios-g
我希望,这个我可以解决这个问题。一旦我试过了,在最后GlassFish的3.1版本,我会发布更新。
I hope that with this I can get around this issue. I'll post an update once I've tried it out on the final GlassFish 3.1 release.
这篇关于在Web服务调用getUserPrincipal()返回匿名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!