Glassfish 3.1.2 configuration Client Certificate for Mutual Authentication


Problem description

I need help in configuring GF3.1.2. I have done the following changes; please do let me know if I am missing anything important, as after the changes it is NOT working. My id is nilesh2811@gmail.com

I could not find any particular thread or answers in the forum; if there is any link, it will be helpful. If you have any document for this, please forward it.

Please do the needful.

web.xml

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/faces/*</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description/>
    <role-name>authorized</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<security-role>
  <description/>
  <role-name>authorized</role-name>
</security-role>

sun-web.xml

<security-role-mapping>
  <role-name>authorized</role-name>
  <principal-name>admin</principal-name>
  <group-name>authorized</group-name>
</security-role-mapping>

domain.xml

<security-service>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
    <property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile"></property>
    <property name="jaas-context" value="fileRealm"></property>
  </auth-realm>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
    <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile"></property>
    <property name="jaas-context" value="fileRealm"></property>
  </auth-realm>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
    <property name="assign-groups" value="authorized"></property>
  </auth-realm>

Recommended answer

Actually I tried it on glassfish 3.1.2 and it worked under the following conditions:

1. I have to use the same key (trust) store of jks type and in the same location. In order to talk with other certificate formats you have to convert them to a format that the jks format can handle.

2. In glassfish-web.xml you should have a mapping like this:

    <security-role-mapping>
      <role-name>manager</role-name>
      <group-name>authorized</group-name>
    </security-role-mapping>

3. In the domain.xml file you should have the following:

<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
  <property name="assign-groups" value="authorized"></property>
</auth-realm>

Note: in web.xml you have to have the realm name matching the domain.xml file.
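A consistency check for the conditions listed in the answer above, as an added example that is not part of the original post or of GlassFish itself. The function name check_client_cert_config and the sample descriptors are constructed for illustration; it assumes, following the answer's note, that a missing or unmatched realm-name is a misconfiguration, and it only follows group-name mappings, not principal-name mappings.

```python
import xml.etree.ElementTree as ET

CERT_REALM = "com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"

def _parse(text):
    root = ET.fromstring(text)
    for el in root.iter():          # drop XML namespaces so plain tag names match
        el.tag = el.tag.split("}")[-1]
    return root

def check_client_cert_config(web_xml, gf_web_xml, domain_xml):
    """Return mismatches between the three descriptors; an empty list means consistent."""
    web, gf, dom = _parse(web_xml), _parse(gf_web_xml), _parse(domain_xml)
    problems = []
    if web.findtext("login-config/auth-method") != "CLIENT-CERT":
        problems.append("web.xml: auth-method is not CLIENT-CERT")
    name = web.findtext("login-config/realm-name")
    realm = next((r for r in dom.iter("auth-realm") if r.get("name") == name), None)
    if realm is None:
        problems.append(f"web.xml: realm-name {name!r} not found in domain.xml")
    elif realm.get("classname") != CERT_REALM:
        problems.append(f"domain.xml: realm {name!r} is not a CertificateRealm")
    # Groups the realm assigns to every client that presents a trusted certificate.
    groups = set()
    for prop in (realm.findall("property[@name='assign-groups']") if realm is not None else []):
        groups.update(g.strip() for g in prop.get("value", "").split(","))
    # Roles reachable from those groups (principal-name mappings are not checked here).
    granted = {m.findtext("role-name") for m in gf.iter("security-role-mapping")
               if groups & {(g.text or "").strip() for g in m.findall("group-name")}}
    for role in web.findall("security-constraint/auth-constraint/role-name"):
        if role.text not in granted:
            problems.append(f"role {role.text!r} has no mapping from an assigned group")
    return problems

# Constructed sample descriptors, reduced to the elements that matter here.
DOMAIN = f"""<security-service><auth-realm classname="{CERT_REALM}" name="certificate">
  <property name="assign-groups" value="authorized"/></auth-realm></security-service>"""
MAPPING = """<glassfish-web-app><security-role-mapping><role-name>authorized</role-name>
  <group-name>authorized</group-name></security-role-mapping></glassfish-web-app>"""
WEB = """<web-app><login-config><auth-method>CLIENT-CERT</auth-method>{realm}</login-config>
  <security-constraint><auth-constraint><role-name>authorized</role-name></auth-constraint>
  </security-constraint></web-app>"""

if __name__ == "__main__":
    print(check_client_cert_config(WEB.format(realm=""), MAPPING, DOMAIN))
    print(check_client_cert_config(
        WEB.format(realm="<realm-name>certificate</realm-name>"), MAPPING, DOMAIN))
```

The first call models a web.xml without a realm-name, as in the question, and reports two mismatches; the second adds the matching realm-name and returns an empty list.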
