Glassfish 3.1.2 configuration Client Certificate for Mutual Authentication
Problem description
I need help configuring GF3.1.2. I have made the following changes; please let me know if I am missing anything important, as after the changes it is NOT working. My ID is nilesh2811@gmail.com
I could not find any particular thread or answers in the forum; if there is any link, it will be helpful. If you have any document for this, please forward it.
As required, the XML:
web.xml
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/faces/*</url-pattern>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>authorized</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-role>
    <description/>
    <role-name>authorized</role-name>
</security-role>
sun-web.xml
<security-role-mapping>
    <role-name>authorized</role-name>
    <principal-name>admin</principal-name>
    <group-name>authorized</group-name>
</security-role-mapping>
domain.xml
<security-service>
    <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
        <property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile"></property>
        <property name="jaas-context" value="fileRealm"></property>
    </auth-realm>
    <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
        <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile"></property>
        <property name="jaas-context" value="fileRealm"></property>
    </auth-realm>
    <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
        <property name="assign-groups" value="authorized"></property>
    </auth-realm>
Recommended answer
The login-config section is incomplete in your web.xml
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>certificate</realm-name>
</login-config>
The realm-name content must match the name attribute of auth-realm element in domain.xml, which in your case is "certificate"
[updated]
In addition, the CA certificate must be imported in the server's truststore
${com.sun.aas.instanceRoot}/config/cacerts.jks