基于证书和IP的身份验证 [英] Authentication based on Certificates and IP

问题描述

有一种方法让java web应用程序通过http请求获取安装在机器上的安全证书的信息，如果在机器上安装了特定的证书，则选择性地授予访问权限。

Is there a way for a java web app to get information on the security certificates installed on one's machine via a http request and selectively grant access if a particular certifiicate is installed on the machine.

基本上，要求是，web应用程序只能从公司笔记本电脑接收请求，否则必须拒绝访问相应的错误文本。

Basically the requirement is, the web application should entertain request only from a company laptop else must deny access with appropriate error text.

（这些可以是在其计算机上安装了某些证书的笔记本电脑，或者可以来自一组静态ips。）

(These could be win laptops with certain certifcates installed on their machine or they can be from a certain set of static ips.)

推荐答案

是的，这是可能使用HTTPS客户端证书。准确的设置和配置取决于您的应用程序服务器和特定要求，但常见的情况是您创建公司内部CA（证书颁发机构）颁发客户端证书，这些证书可能仅限于特定的客户端IP地址，并配置应用程序服务器HTTPS连接器，以要求客户端证书并信任您自己的CA颁发的证书。

Yes, this is possible using HTTPS client certificates. The exact setup and configuration depends on your application server and specific requirements, but a common scenario woul be that you create a company internal CA (certification authority) to issue the client certificates which may be restricted to specific client IP addresses and configure your application server's HTTPS connector to require a client certificate and to trust certificates issued by your own CA.

完成正确的配置后，客户端证书通过servlet请求属性可用于Web应用程序：

After the proper configuration has been done, the client certificate(s) is/are made available to the web application through a servlet request attribute:

X509Certificate[] certificates = (X509Certificate[])
    request.getAttribute("javax.servlet.request.X509Certificate");

这篇关于基于证书和IP的身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！