如何使用jetty建立2路SSL认证连接
How to use jetty to set up 2 way SSL Authentication Connection
我想使用 2 路 ssl 连接器创建一个 servlet。
我创建了 test2wayssl.jks 并启动了 SslSelectChannelConnector
当我使用 客户端证书 从邮递员发送请求时,邮递员的响应是
There was an error connecting to 127.0.0.1:29226/2wayssl.
下面是我的代码。但它不起作用。
Server server = new Server(29226);
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath("2-way-ssl-authentication/test2wayssl.jks");
sslContextFactory.setKeyStorePassword("123456");
sslContextFactory.setKeyManagerPassword("123456");
sslContextFactory.setTrustAll(true);
SslSelectChannelConnector sslConnector = new SslSelectChannelConnector(sslContextFactory);
sslConnector.setAllowRenegotiate(true);
sslConnector.setHost("localhost");
sslConnector.setServer(server);
server.addConnector(sslConnector);
ServletHandler handler = new ServletHandler();
handler.addServletWithMapping(HelloServlet.class, "/2wayssl");
server.setHandler(handler);
try {
server.start();
} catch (Exception e) {
e.printStackTrace(); // TODO impl
}
下面是我的 servlet class
@SuppressWarnings("serial")
public static class HelloServlet extends HttpServlet
{
@Override
protected void doPost(HttpServletRequest request,
HttpServletResponse response) throws IOException
{
response.setStatus(HttpServletResponse.SC_OK);
response.setContentType("text/html");
response.setCharacterEncoding("utf-8");
response.getWriter().println("<h1>2 Way SSL Authentication</h1>");
}
}
感谢任何帮助。
SslSelectChannelConnector 来自 Jetty 8 及更早版本 which are now EOL/End of Life,不支持客户端证书,请先升级到受支持的稳定版 Jetty。
如何使用 Jetty 9.4.27.v20200227 完成此操作的方法是使用 SslContextFactory.Server 和一个(或两个)选项
setWantClientAuth(true) 在与 javax.net.ssl.SSLParameters.getWantClientAuth()setNeedClientAuth(true) 在与 javax.net.ssl.SSLParameters.getNeedClientAuth()
示例:
Server server = new Server();
int httpsPort = 8443;
// Setup HTTP Connector
HttpConfiguration httpConf = new HttpConfiguration();
httpConf.setSecurePort(httpsPort);
httpConf.setSecureScheme("https");
// Setup SSL
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStoreResource(findKeyStorePath());
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
sslContextFactory.setWantClientAuth(true); // Option 1
sslContextFactory.setNeedClientAuth(true); // Option 2
// Setup HTTPS Configuration
HttpConfiguration httpsConf = new HttpConfiguration();
httpsConf.setSecureScheme("https");
httpsConf.setSecurePort(httpsPort);
httpsConf.addCustomizer(new SecureRequestCustomizer()); // adds ssl info to request object
// Establish the HTTPS ServerConnector
ServerConnector httpsConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory,"http/1.1"),
new HttpConnectionFactory(httpsConf));
httpsConnector.setPort(httpsPort);
server.addConnector(httpsConnector);
// Add a Handlers for requests
HandlerList handlers = new HandlerList();
handlers.addHandler(new SecuredRedirectHandler());
handlers.addHandler(new HelloHandler("Hello Secure World"));
server.setHandler(handlers);
server.start();
server.join();
我想使用 2 路 ssl 连接器创建一个 servlet。 我创建了 test2wayssl.jks 并启动了 SslSelectChannelConnector 当我使用 客户端证书 从邮递员发送请求时,邮递员的响应是
There was an error connecting to 127.0.0.1:29226/2wayssl.
下面是我的代码。但它不起作用。
Server server = new Server(29226);
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath("2-way-ssl-authentication/test2wayssl.jks");
sslContextFactory.setKeyStorePassword("123456");
sslContextFactory.setKeyManagerPassword("123456");
sslContextFactory.setTrustAll(true);
SslSelectChannelConnector sslConnector = new SslSelectChannelConnector(sslContextFactory);
sslConnector.setAllowRenegotiate(true);
sslConnector.setHost("localhost");
sslConnector.setServer(server);
server.addConnector(sslConnector);
ServletHandler handler = new ServletHandler();
handler.addServletWithMapping(HelloServlet.class, "/2wayssl");
server.setHandler(handler);
try {
server.start();
} catch (Exception e) {
e.printStackTrace(); // TODO impl
}
下面是我的 servlet class
@SuppressWarnings("serial")
public static class HelloServlet extends HttpServlet
{
@Override
protected void doPost(HttpServletRequest request,
HttpServletResponse response) throws IOException
{
response.setStatus(HttpServletResponse.SC_OK);
response.setContentType("text/html");
response.setCharacterEncoding("utf-8");
response.getWriter().println("<h1>2 Way SSL Authentication</h1>");
}
}
感谢任何帮助。
SslSelectChannelConnector 来自 Jetty 8 及更早版本 which are now EOL/End of Life,不支持客户端证书,请先升级到受支持的稳定版 Jetty。
如何使用 Jetty 9.4.27.v20200227 完成此操作的方法是使用 SslContextFactory.Server 和一个(或两个)选项
setWantClientAuth(true)在与javax.net.ssl.SSLParameters.getWantClientAuth() 相关的 SSL 连接上打开 JVM 功能
setNeedClientAuth(true)在与javax.net.ssl.SSLParameters.getNeedClientAuth() 相关的 SSL 连接上打开 JVM 功能
示例:
Server server = new Server();
int httpsPort = 8443;
// Setup HTTP Connector
HttpConfiguration httpConf = new HttpConfiguration();
httpConf.setSecurePort(httpsPort);
httpConf.setSecureScheme("https");
// Setup SSL
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStoreResource(findKeyStorePath());
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
sslContextFactory.setWantClientAuth(true); // Option 1
sslContextFactory.setNeedClientAuth(true); // Option 2
// Setup HTTPS Configuration
HttpConfiguration httpsConf = new HttpConfiguration();
httpsConf.setSecureScheme("https");
httpsConf.setSecurePort(httpsPort);
httpsConf.addCustomizer(new SecureRequestCustomizer()); // adds ssl info to request object
// Establish the HTTPS ServerConnector
ServerConnector httpsConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory,"http/1.1"),
new HttpConnectionFactory(httpsConf));
httpsConnector.setPort(httpsPort);
server.addConnector(httpsConnector);
// Add a Handlers for requests
HandlerList handlers = new HandlerList();
handlers.addHandler(new SecuredRedirectHandler());
handlers.addHandler(new HelloHandler("Hello Secure World"));
server.setHandler(handlers);
server.start();
server.join();