当码头服务器上的客户端身份验证失败时,浏览器上会出现空白屏幕
Blank screen comes on browser when client auth fails on jetty server
我使用嵌入式码头服务器创建了一个 Java rest API 并启用了客户端身份验证。在客户端身份验证中,我获取客户端证书的 CN 并查看它是否是允许的。
我创建了一个过滤器 class 来处理上述客户端身份验证逻辑。但是,当客户端身份验证失败并且过滤器为 returns 时,没有任何响应被发回并且浏览器上出现空白屏幕,从那里点击 API。理想情况下,它应该响应一些错误。
我正在从已经添加了有效客户端证书的浏览器中点击 API
在过滤器的响应对象中,我已经在响应中添加了一个return状态和一些其他的东西来让它结束请求但是没有用。
Enabling client auth which configuring SslContextFactory:
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyStorePassword("changeit");
sslContextFactory.setKeyManagerPassword("changeit");
sslContextFactory.setCertAlias("selfsignlatest");
sslContextFactory.setNeedClientAuth(true);
sslContextFactory.setTrustStore(keyStore);
sslContextFactory.setTrustStorePassword("changeit");
Filter class doFilter method:
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
logger.debug("Filtering incoming request....");
boolean isValid = false;
HttpServletRequest httpreq = (HttpServletRequest) request;
HttpServletResponse httpresp = (HttpServletResponse) response;
X509Certificate[] certificates = (X509Certificate[]) httpreq.getAttribute("javax.servlet.request.X509Certificate");
if(certificates!=null && certificates.length>0) {
for(X509Certificate cert: certificates) {
commanName = getCNfromDomainName(cert.getSubjectX500Principal().getName());
if(commanName!=null && commanName.equals("clientjetty")) {
isValid = true;
break;
}
}
}
if(isValid) {
chain.doFilter(request, response);
}else {
httpresp.reset();
httpresp.setHeader("Connection", "close");
httpresp.setStatus(HttpStatus.SC_UNAUTHORIZED);
httpresp.flushBuffer();
httpresp.sendError(-1);
return;
}
}
替换...
httpresp.reset();
httpresp.setHeader("Connection", "close");
httpresp.setStatus(HttpStatus.SC_UNAUTHORIZED);
httpresp.flushBuffer();
httpresp.sendError(-1);
与...
httpresp.setHeader("Connection", "close");
httpresp.sendError(HttpStatus.SC_UNAUTHORIZED);
我使用嵌入式码头服务器创建了一个 Java rest API 并启用了客户端身份验证。在客户端身份验证中,我获取客户端证书的 CN 并查看它是否是允许的。 我创建了一个过滤器 class 来处理上述客户端身份验证逻辑。但是,当客户端身份验证失败并且过滤器为 returns 时,没有任何响应被发回并且浏览器上出现空白屏幕,从那里点击 API。理想情况下,它应该响应一些错误。 我正在从已经添加了有效客户端证书的浏览器中点击 API
在过滤器的响应对象中,我已经在响应中添加了一个return状态和一些其他的东西来让它结束请求但是没有用。
Enabling client auth which configuring SslContextFactory:
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyStorePassword("changeit");
sslContextFactory.setKeyManagerPassword("changeit");
sslContextFactory.setCertAlias("selfsignlatest");
sslContextFactory.setNeedClientAuth(true);
sslContextFactory.setTrustStore(keyStore);
sslContextFactory.setTrustStorePassword("changeit");
Filter class doFilter method:
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
logger.debug("Filtering incoming request....");
boolean isValid = false;
HttpServletRequest httpreq = (HttpServletRequest) request;
HttpServletResponse httpresp = (HttpServletResponse) response;
X509Certificate[] certificates = (X509Certificate[]) httpreq.getAttribute("javax.servlet.request.X509Certificate");
if(certificates!=null && certificates.length>0) {
for(X509Certificate cert: certificates) {
commanName = getCNfromDomainName(cert.getSubjectX500Principal().getName());
if(commanName!=null && commanName.equals("clientjetty")) {
isValid = true;
break;
}
}
}
if(isValid) {
chain.doFilter(request, response);
}else {
httpresp.reset();
httpresp.setHeader("Connection", "close");
httpresp.setStatus(HttpStatus.SC_UNAUTHORIZED);
httpresp.flushBuffer();
httpresp.sendError(-1);
return;
}
}
替换...
httpresp.reset();
httpresp.setHeader("Connection", "close");
httpresp.setStatus(HttpStatus.SC_UNAUTHORIZED);
httpresp.flushBuffer();
httpresp.sendError(-1);
与...
httpresp.setHeader("Connection", "close");
httpresp.sendError(HttpStatus.SC_UNAUTHORIZED);