
ssl - How to set up a 2-way SSL authentication connection using Jetty

Reposted. Author: 行者123. Updated: 2023-12-04 22:36:30

I want to create a servlet using a 2-way SSL connector.
I created test2wayssl.jks and started an SslSelectChannelConnector.
When I send a request from Postman using a client certificate, Postman's response is

There was an error connecting to 127.0.0.1:29226/2wayssl.



Below is my code. But it doesn't work.
    Server server = new Server(29226);

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath("2-way-ssl-authentication/test2wayssl.jks");
    sslContextFactory.setKeyStorePassword("123456");
    sslContextFactory.setKeyManagerPassword("123456");
    sslContextFactory.setTrustAll(true);

    SslSelectChannelConnector sslConnector = new SslSelectChannelConnector(sslContextFactory);
    sslConnector.setAllowRenegotiate(true);
    sslConnector.setHost("localhost");
    sslConnector.setServer(server);

    server.addConnector(sslConnector);

    ServletHandler handler = new ServletHandler();
    handler.addServletWithMapping(HelloServlet.class, "/2wayssl");
    server.setHandler(handler);

    try {
        server.start();
    } catch (Exception e) {
        e.printStackTrace(); // TODO impl
    }

Below is my servlet class.
    @SuppressWarnings("serial")
    public static class HelloServlet extends HttpServlet
    {
        @Override
        protected void doPost(HttpServletRequest request,
                              HttpServletResponse response) throws IOException
        {
            response.setStatus(HttpServletResponse.SC_OK);
            response.setContentType("text/html");
            response.setCharacterEncoding("utf-8");
            response.getWriter().println("<h1>2 Way SSL Authentication</h1>");
        }
    }

Any help is appreciated.

Best answer

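SslSelectChannelConnector is from Jetty 8 and above, which are now EOL/End of Life, and does not support client certificates; please upgrade to a supported and stable version of Jetty first.

The way to do this with Jetty 9.4.27.v20200227 is to use SslContextFactory.Server and one (or both) of these options:

  • setWantClientAuth(true) turns on the JVM feature on the SSL connection related to javax.net.ssl.SSLParameters.getWantClientAuth()
  • setNeedClientAuth(true) turns on the JVM feature on the SSL connection related to javax.net.ssl.SSLParameters.getNeedClientAuth()

Example: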

    Server server = new Server();
    int httpsPort = 8443;

    // Setup HTTP Connector
    HttpConfiguration httpConf = new HttpConfiguration();
    httpConf.setSecurePort(httpsPort);
    httpConf.setSecureScheme("https");

    // Setup SSL
    SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
    sslContextFactory.setKeyStoreResource(findKeyStorePath());
    sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
    sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
    sslContextFactory.setWantClientAuth(true); // Option 1
    sslContextFactory.setNeedClientAuth(true); // Option 2

    // Setup HTTPS Configuration
    HttpConfiguration httpsConf = new HttpConfiguration();
    httpsConf.setSecureScheme("https");
    httpsConf.setSecurePort(httpsPort);
    httpsConf.addCustomizer(new SecureRequestCustomizer()); // adds ssl info to request object

    // Establish the HTTPS ServerConnector
    ServerConnector httpsConnector = new ServerConnector(server,
        new SslConnectionFactory(sslContextFactory, "http/1.1"),
        new HttpConnectionFactory(httpsConf));
    httpsConnector.setPort(httpsPort);

    server.addConnector(httpsConnector);

    // Add Handlers for requests
    HandlerList handlers = new HandlerList();
    handlers.addHandler(new SecuredRedirectHandler());
    handlers.addHandler(new HelloHandler("Hello Secure World"));
    server.setHandler(handlers);

    server.start();
    server.join();
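
The following is an added example, not part of the original answer or of Jetty's own code. It shows what the `SecureRequestCustomizer` line makes possible: a servlet that reads the client certificate from the standard Servlet request attribute and rejects requests without one, which is the application-level check needed when only `setWantClientAuth(true)` is set. The class names, keystore and trust store paths, and passwords are placeholders chosen for illustration.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class ClientCertExample {

    // Trust only the CA(s) that issue client certificates, rather than
    // calling setTrustAll(true). Paths and passwords are placeholders
    // (assumptions, not values from the page).
    static SslContextFactory.Server newSslContextFactory() {
        SslContextFactory.Server ssl = new SslContextFactory.Server();
        ssl.setKeyStorePath("/path/to/server-keystore.jks");
        ssl.setKeyStorePassword("changeit");
        ssl.setTrustStorePath("/path/to/client-ca-truststore.jks");
        ssl.setTrustStorePassword("changeit");
        // "Want": the handshake still completes when the client sends no
        // certificate, so the servlet below must enforce its presence.
        ssl.setWantClientAuth(true);
        return ssl;
    }

    @SuppressWarnings("serial")
    public static class WhoAmIServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws IOException {
            // Populated by SecureRequestCustomizer with the chain the client
            // presented during the TLS handshake; null if none was sent.
            X509Certificate[] chain = (X509Certificate[])
                    request.getAttribute("javax.servlet.request.X509Certificate");
            if (chain == null || chain.length == 0) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN,
                        "Client certificate required");
                return;
            }
            response.setContentType("text/plain");
            response.setCharacterEncoding("utf-8");
            // chain[0] is the client's own (leaf) certificate.
            response.getWriter().println("Authenticated as: "
                    + chain[0].getSubjectX500Principal().getName());
        }
    }
}
```

With `setNeedClientAuth(true)` instead, a client that sends no certificate fails the TLS handshake and never reaches the servlet.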

Regarding "ssl - How to set up a 2-way SSL authentication connection using Jetty", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/60574255/
