9

我已经设置了一个 Tomcat 7.0 应用程序服务器,通过 SSL 进行相互(客户端/服务器)身份验证。要设置此配置,我需要为服务器创建一个 .jks 文件,并在我的 Web 浏览器中创建一个 .pks 证书。在 Tomcat 中配置 server.xml 文件后,我进行了相互身份验证和 SSL 工作。现在我试图在 servlet 中获取证书,但是我似乎无法从 servlet 中的请求中获取证书。我可以设置一个过滤器,成功地从请求中提取证书。谁能给我提供一个配置/代码,让我从 servlet 中获取证书?我也会接受为什么我无法在 servlet 中获得证书的原因。

服务器.xml

<Connector
 clientAuth="true" port="8443" protocol="HTTP/1.1" SSLEnabled="true"
 scheme="https" secure="true"
 keystoreFile="C:/Users/Kevin Bowersox/Desktop/Development/My Certs/server.jks"
 keystoreType="JKS" keystorePass="notmypassword"
 truststoreFile="C:/Users/Kevin Bowersox/Desktop/Development/My Certs/server.jks"
 truststoreType="JKS" truststorePass="notmypassword"
 SSLVerifyClient="require" SSLVerifyDepth="2" sslProtocol="TLS"
/>

MyServlet.java - 这会引发 RuntimeException,因为在点击 url 时找不到证书:https://localhost:8443/Sample_Application/MyServlet

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
          X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
            if (null != certs && certs.length > 0) {
                System.out.println("cert found");
            }
            throw new RuntimeException("No X.509 client certificate found in request");
    }

MyServlet 映射

<servlet>
    <description>
    </description>
    <display-name>MyServlet</display-name>
    <servlet-name>MyServlet</servlet-name>
    <servlet-class>MyServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>MyServlet</servlet-name>
    <url-pattern>/MyServlet</url-pattern>
</servlet-mapping>

MyFilter.java - 点击 url 时返回“找到证书”:https://localhost:8443/Sample_Application/test.jsp

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
     X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        if (null != certs && certs.length > 0) {
            System.out.println("cert found");
        }
        //throw new RuntimeException("No X.509 client certificate found in request");
    chain.doFilter(request, response);
}

我的过滤器映射

<filter>
    <description>
    </description>
    <display-name>MyFilter</display-name>
    <filter-name>MyFilter</filter-name>
    <filter-class>MyFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>MyFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>
4

1 回答 1

9

这是工作。但是,Servlet 被编码为总是抛出 RuntimeException,所以看起来它不起作用。

于 2012-04-25T10:06:04.767 回答