I am using Jetty 7 embedded in my Java web app project.
I have already set up SSL, and the next step is to handle client certificate authentication. In web.xml I specified:
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Test Realm</realm-name>
    </login-config>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>EntireApp</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>allAuthenticated</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
Below is the code from the startserver routine:
    SslSelectChannelConnector ssl_connector = new SslSelectChannelConnector();
    ssl_connector.setPort(Integer.valueOf(httpPort1));
    SslContextFactory cf = ssl_connector.getSslContextFactory();
    cf.setKeyStore(sslProperties.getKeyStore());
    cf.setKeyStorePassword(sslProperties.getKeyPassword());
    cf.setTrustStore(sslProperties.getTrustStore());
    cf.setTrustStorePassword(sslProperties.getTrustStorePassword());
    cf.setNeedClientAuth(true);
    server.setConnectors(new Connector[]{ connector0, ssl_connector });

    WebAppContext context = new WebAppContext();
    context.setDescriptor("WebContent/WEB-INF/web.xml");
    context.setResourceBase("WebContent");
    context.setContextPath("/");
    context.setParentLoaderPriority(true);

    SecurityHandler secHandler = new ConstraintSecurityHandler();
    //Authenticator authenticator = new ClientCertAuthenticator();
    Authenticator authenticator = new DummyAuthenticator();
    // probably I need something different, but what?
    LoginService loginService = new HashLoginService("Test Realm", "d:/downloads/test.properties");
    secHandler.setRealmName("Test Realm");
    secHandler.setLoginService(loginService);
    secHandler.setAuthenticator(authenticator);
    context.setSecurityHandler(secHandler);
    server.setHandler(context);

    try {
        server.start();
        server.join();
    } catch (Exception e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
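My question is: which LoginService should I use together with ClientCertAuthenticator? Or, if that is not possible, what is the best way to implement my own (DummyAuthenticator)?
In the code above I used DummyAuthenticator, which only implements the Authenticator interface, but the servletRequest in the validateRequest method always has an empty parameterMap where I expect it.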
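On the empty parameterMap in the question above, as an added example that is not part of the original post and not Jetty's own code: the Servlet specification exposes the client certificate chain as the request attribute `javax.servlet.request.X509Certificate`, not as a request parameter. The class name `ClientCertHelper` and its methods are hypothetical, and the servlet API is assumed to be on the classpath.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletRequest;

// Hypothetical helper (not a Jetty class): reads the client certificate
// chain that the container attaches to a request received over TLS.
public final class ClientCertHelper {
    // Attribute name defined by the Servlet specification.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    private ClientCertHelper() {}

    /** Returns the client's own certificate, or null if none was presented. */
    public static X509Certificate leafCertificate(ServletRequest request)
            throws CertificateException {
        Object attr = request.getAttribute(CERT_ATTR);
        if (!(attr instanceof X509Certificate[])) {
            return null; // plain HTTP connector, or no client certificate sent
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0) {
            return null;
        }
        // The chain is ordered from the client's certificate upwards.
        // Defensive re-check of the validity period; the TLS handshake has
        // already verified the chain against the configured trust store.
        chain[0].checkValidity();
        return chain[0];
    }

    /** Extracts the subject CN with a DN parser instead of string splitting,
     *  so escaped commas or '=' inside a value cannot shift the fields. */
    public static String commonName(X509Certificate cert) throws InvalidNameException {
        String dn = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null; // subject has no CN component
    }
}
```

A custom Authenticator can call `leafCertificate(request)` from validateRequest and map the returned subject to a user known to the LoginService; a null result should be treated as unauthenticated.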