WebLogic 8.1上的WebLogic 8.1双向SSL身份验证完整示例? [英] WebLogic 8.1 two-way SSL authentication on a web app full example?
问题描述
是否有人拥有WebLogic 8.1双向SSL完整示例?
Does anybody has a WebLogic 8.1 two-way SSL full example?
我正在开发一个小型Web应用程序(1个HTML,1个Servlet,1个JSP)来发送机密数据。客户端可以是Web浏览器。服务器是WebLogic 8.1。
I am developing a small web application (1 HTML, 1 Servlet, 1 JSP) to send confidential data. The client could be a web browser. The server is WebLogic 8.1.
信息应加密传输。此外,Web应用程序需要使用多个用户名/密码组合来验证客户端。我想用HTTPS和双向SSL实现认证。这样,用户应该将她的证书发送给我,我安装在服务器中,这样Web应用程序就可以知道它何时发送信息。
The information should travel encrypted. Besides, the web application needs to authenticate the client, using more than a username/password combination. I thought implementing using HTTPS and two-way SSL authentication. This way, the user should send me her certificate, I installed in the server, so the web application could know when it is sending information.
现在,我知道如何在Web应用程序中使用声明性授权,但我对如何指定我识别的用户以及哪些用户证书感到迷茫。
Now, I know how to use declarative authorization in a web application, but I am lost on how specify which users I recognize, and which are their certificates.
我只需要一个完整的例子。一个.war和/或做基本案例的步骤。
I just need a full example of this. A .war and/or the steps to do the basic case.
推荐答案
我认为你不会找到一个完整的示例很容易,问题有点宽泛。但是您提供的链接是一个非常好的起点。
I don't think you'll find a full example easily and the question is a bit broad. But the link your provided is a very good starting point.
首先配置双向SSL 并使用CLIENT-CERT。客户端需要购买可信客户端证书或生成您需要添加到服务器信任库的自签名证书。如果您不熟悉PKI,这可能是最困难的部分,但我在本答案的最后添加了资源,涵盖了这一部分。在每个客户端浏览器中加载客户端证书。
First configure Two-Way SSL and use CLIENT-CERT. Clients will need to buy a trusted client certificate or to generate a self-signed certificate that you'll need to add to the server trust store. This may be the hardest part if you're not familiar with PKI but I've added resources at the end of this answer that cover this part. Load the client certificate in each client browsers.
其次,配置标识声明提供程序,以将Web浏览器的数字证书映射到WebLogic Server安全领域中的用户。如果需要,请提供您自己的用户名映射器或使用默认值(使用数字证书的主题DN或专有名称中的属性映射到WebLogic Server安全领域中的相应用户)。
Second, configure an Identity Assertion provider to map the digital certificate of a Web browser to a user in a WebLogic Server security realm. If required, provide your own user name mapper or use the default one (which uses the attributes from the subject DN of the digital certificate or the distinguished name to map to the appropriate user in the WebLogic Server security realm).
第三,添加用户对应于Weblogic Security Realm中客户端数字证书中的Subject的可分辨名称(SubjectDN)属性,并将它们分配给组。
Third, add users corresponding to the Subject's Distinguished Name (SubjectDN) attribute in the client's digital certificate in Weblogic Security Realm and assign them to groups.
最后,在您的<中使用这些组a href =http://download.oracle.com/docs/cd/E13222_01/wls/docs81/security/thin_client.html#1045984 =nofollow noreferrer>声明性授权。
当然,如果一切都是新的,那就不那么容易了基本上你需要做什么。如果您需要更多指导,也许可以开始实施它并打开更具体的问题。
Sure, it won't be that easy if everything is new but that's basically what you need to do. Maybe start to implement it and open more specific questions if you need more guidance.
更多资源:
- Weblogic for Developers中的双向SSL
- 相互认证的15分钟指南
- WebLogic中的用户映射证书
- 如何为Oracle设置X509证书身份验证WebLogic Server (可转换为WLS 8.1)
- Two-Way SSL in Weblogic for Developers
- The Fifteen Minute Guide to Mutual Authentication
- Certificate to User Mapping in WebLogic
- How to Set Up X509 Certificate Authentication for Oracle WebLogic Server (transposable to WLS 8.1)
这篇关于WebLogic 8.1上的WebLogic 8.1双向SSL身份验证完整示例?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
