Glassfish 3.1.2 configuration Client Certificate for Mutual Authentication


Problem description

I need help in configuring GF3.1.2. I have done the following changes; please do let me know if I am missing anything important, as after the changes it is NOT working. My id is nilesh2811@gmail.com

I could not find any particular thread or answers in the forum; if any link is there, it will be helpful. If you have any document for this, please forward it.

Please do as needed.

web.xml

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/faces/*</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description/>
    <role-name>authorized</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<security-role>
  <description/>
  <role-name>authorized</role-name>
</security-role>

sun-web.xml

<security-role-mapping>
  <role-name>authorized</role-name>
  <principal-name>admin</principal-name>
  <group-name>authorized</group-name>
</security-role-mapping>

domain.xml

<security-service>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
    <property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile"></property>
    <property name="jaas-context" value="fileRealm"></property>
  </auth-realm>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
    <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile"></property>
    <property name="jaas-context" value="fileRealm"></property>
  </auth-realm>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
    <property name="assign-groups" value="authorized"></property>
  </auth-realm>


Recommended answer

The login-config section is incomplete in your web.xml

<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>certificate</realm-name>
</login-config>

The realm-name content must match the name attribute of auth-realm element in domain.xml, which in your case is "certificate"

[updated]

In addition, the CA certificate must be imported in the server's truststore

${com.sun.aas.instanceRoot}/config/cacerts.jks
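
A consistency check for the three descriptors discussed above, as an added example that is not part of the original question or answer. It verifies that realm-name in web.xml names a CertificateRealm in domain.xml and that each constrained role maps to a group listed in that realm's assign-groups; the function name and the wrapped sample snippets are constructed for illustration.

```python
import xml.etree.ElementTree as ET
CERT_REALM = "com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"

def _parse(text):
    """Parse XML and drop namespaces so lookups work with or without xmlns."""
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def check_client_cert(web_xml, sun_web_xml, domain_xml):
    """Return a list of mismatches between the three descriptors."""
    web, sun, dom = _parse(web_xml), _parse(sun_web_xml), _parse(domain_xml)
    problems = []
    if (web.findtext(".//login-config/auth-method") or "").strip() != "CLIENT-CERT":
        problems.append("auth-method is not CLIENT-CERT")
    realm_name = (web.findtext(".//login-config/realm-name") or "").strip()
    realm = {r.get("name"): r for r in dom.iter("auth-realm")}.get(realm_name)
    if not realm_name:
        problems.append("login-config has no realm-name")
    elif realm is None:
        problems.append(f"realm-name '{realm_name}' is not defined in domain.xml")
    elif realm.get("classname") != CERT_REALM:
        problems.append(f"realm '{realm_name}' is not a CertificateRealm")
    if realm is None:
        return problems
    # Groups the realm gives every authenticated certificate (assign-groups).
    assigned = {g.strip() for p in realm.iter("property") if p.get("name") == "assign-groups"
                for g in p.get("value", "").split(",") if g.strip()}
    # Each constrained role needs a mapped group the realm assigns (principal-name not evaluated).
    for role in sorted({r.text.strip() for r in web.iterfind(".//auth-constraint/role-name") if r.text}):
        groups = {g.text.strip() for m in sun.iter("security-role-mapping")
                  if (m.findtext("role-name") or "").strip() == role
                  for g in m.iter("group-name") if g.text}
        if not groups & assigned:
            problems.append(f"role '{role}' maps to no group in assign-groups")
    return problems

# Constructed sample input: the page's snippets, trimmed and wrapped in root elements.
WEB_BEFORE = """<web-app><login-config><auth-method>CLIENT-CERT</auth-method></login-config>
<security-constraint><auth-constraint><role-name>authorized</role-name></auth-constraint></security-constraint></web-app>"""
WEB_AFTER = WEB_BEFORE.replace("</auth-method>", "</auth-method><realm-name>certificate</realm-name>")
SUN_WEB = """<sun-web-app><security-role-mapping><role-name>authorized</role-name>
<group-name>authorized</group-name></security-role-mapping></sun-web-app>"""
DOMAIN = f"""<security-service><auth-realm classname="{CERT_REALM}" name="certificate">
<property name="assign-groups" value="authorized"/></auth-realm></security-service>"""

if __name__ == "__main__":
    print(check_client_cert(WEB_BEFORE, SUN_WEB, DOMAIN), check_client_cert(WEB_AFTER, SUN_WEB, DOMAIN))
```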
