如何设置TLS Server以在Spring集成中验证客户端？ [英] How to setup TLS Server to authenticate client in spring integration?

问题描述

请参阅使用SSL / TLS运行客户端。这解释了服务器执行客户端身份验证的方案。我正在使用Spring Integration来处理TLS连接。我的spring-context文件是：

Refer to Running the client with SSL/TLS. This explains a scenario where server does a client authentication. I am using Spring Integration to process TLS connections. My spring-context file is:

   <bean id="sslContextSupport"
        class="org.springframework.integration.ip.tcp.connection.DefaultTcpSSLContextSupport">
        <constructor-arg value="file:keystore.jks"/>
        <constructor-arg value="file:truststore.jks"/>
        <constructor-arg value="keystorepass"/>
        <constructor-arg value="trustpass"/>
    </bean>

    <int-ip:tcp-connection-factory id="crLfServer"
            type="server"
            port="${availableServerSocket}"
            single-use="true"
            so-timeout="10000"
            using-nio="false"
            ssl-context-support="sslContextSupport" />

我的服务器正在接受SSL连接并使用我的服务器和客户端上安装的证书进行处理。
我不确定是否为客户端身份验证设置了上述spring配置。是在SSL转换级别或应用程序代码中完成的客户端身份验证吗？

My Server is accepting SSL connections and processing with certificates installed on my server and client. I am not sure whether the above spring configuration is setup for client authentication or not. is the client authentication done at the SSL transaport level or in the Application code?

推荐答案

Spring Integration DefaultTcpSSLContextSupport 完全基于 SSLContext sslContext = SSLContext.getInstance（protocol）; 。因此，您在标准Java SSL / TLS文档中看到的内容也适用于此处。

The Spring Integration DefaultTcpSSLContextSupport is fully based on the SSLContext sslContext = SSLContext.getInstance(protocol);. So, what you see in the standard Java SSL/TLS documentation is applied here as well.

因为您的< int-ip：tcp -connection-factory> 生成type =server，这肯定是

Since that your <int-ip:tcp-connection-factory> produces type="server", that is definitely the case of

服务器的情况客户端身份验证

the server does client authentication

所有硬SSL工作都在 SSLContext 层中完成，不在 TcpNetServerConnectionFactory 中，如果这是问题。

All the hard SSL work is done in the SSLContext layer, not in the TcpNetServerConnectionFactory, if that is the question.

换句话说：它并不重要是否是Spring Integration。一切都与用户标准SSL / TLS方法的任何其他Java应用程序的工作方式相同。

In other words: it doesn't matter that it is Spring Integration or not. Everything works the same way as in any other Java application which users standard SSL/TLS approach.

这篇关于如何设置TLS Server以在Spring集成中验证客户端？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！