How to use Jetty to establish a 2-way SSL authentication connection

Problem description  Votes: 0  Answers: 1

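I want to create a servlet using a 2-way SSL connector. I created test2wayssl.jks and started an SslSelectChannelConnector. When I send a request from Postman with a client certificate, Postman responds with

Error connecting to 127.0.0.1:29226/2wayssl.

Below is my code. But it doesn't work.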

Server server = new Server(29226);

SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath("2-way-ssl-authentication/test2wayssl.jks");
sslContextFactory.setKeyStorePassword("123456"); 
sslContextFactory.setKeyManagerPassword("123456");
sslContextFactory.setTrustAll(true);

SslSelectChannelConnector sslConnector = new SslSelectChannelConnector(sslContextFactory);
sslConnector.setAllowRenegotiate(true); 
sslConnector.setHost("localhost");
sslConnector.setServer(server);      

server.addConnector(sslConnector);

ServletHandler handler = new ServletHandler();
handler.addServletWithMapping(HelloServlet.class, "/2wayssl");
server.setHandler(handler); 

try { 
  server.start(); 
} catch (Exception e) {
  e.printStackTrace();  // TODO impl
}

Below is my servlet class

  @SuppressWarnings("serial")
  public static class HelloServlet extends HttpServlet 
  {
    @Override
    protected void doPost(HttpServletRequest request,
                         HttpServletResponse response) throws IOException
    {
      response.setStatus(HttpServletResponse.SC_OK);
      response.setContentType("text/html");
      response.setCharacterEncoding("utf-8");
      response.getWriter().println("<h1>2 Way SSL Authentication</h1>");
    }
  }

Thanks for your help.

ssl servlets jetty mutual-authentication
1 Answer
0
votes

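SslSelectChannelConnector is from Jetty 8 and earlier, which are now EOL/End of Life, and does not support client certificates. Please upgrade to a supported and stable version of Jetty first.

With Jetty 9.4.27.v20200227, this is done by using SslContextFactory.Server and one (or both) of these options: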

  • setWantClientAuth(true), which turns on the JVM feature on SSL connections related to javax.net.ssl.SSLParameters.getWantClientAuth()
  • setNeedClientAuth(true), which turns on the JVM feature on SSL connections related to javax.net.ssl.SSLParameters.getNeedClientAuth()

Example:
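An embedded Jetty 9.4 server that applies the options named in the answer above; this is an added illustration, not code from the original answer or from the Jetty project. It reuses the key store path and password from the question, while the trust store path, the class names and the choice of setNeedClientAuth(true) are assumptions.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.http.*;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.*;
import org.eclipse.jetty.servlet.ServletHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class TwoWaySslServer {
  public static void main(String[] args) throws Exception {
    Server server = new Server(); // no port here: the TLS connector below is the only listener

    SslContextFactory.Server ssl = new SslContextFactory.Server();
    ssl.setKeyStorePath("2-way-ssl-authentication/test2wayssl.jks");
    ssl.setKeyStorePassword("123456");
    ssl.setKeyManagerPassword("123456");
    // Assumption: a separate trust store holding only the CA(s) that issue client certificates,
    // used instead of setTrustAll(true). The path below is hypothetical.
    ssl.setTrustStorePath("2-way-ssl-authentication/client-truststore.jks");
    ssl.setTrustStorePassword("123456");
    ssl.setNeedClientAuth(true); // handshake fails unless the client presents a trusted certificate

    HttpConfiguration https = new HttpConfiguration();
    https.addCustomizer(new SecureRequestCustomizer()); // exposes TLS details as request attributes

    ServerConnector connector = new ServerConnector(server,
        new SslConnectionFactory(ssl, HttpVersion.HTTP_1_1.asString()),
        new HttpConnectionFactory(https));
    connector.setHost("localhost");
    connector.setPort(29226);
    server.addConnector(connector);

    ServletHandler handler = new ServletHandler();
    handler.addServletWithMapping(WhoAmIServlet.class, "/2wayssl");
    server.setHandler(handler);
    server.start();
    server.join();
  }
  public static class WhoAmIServlet extends HttpServlet {
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp) throws IOException {
      X509Certificate[] chain = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
      if (chain == null || chain.length == 0) { // reachable if setWantClientAuth(true) is used instead
        resp.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate required");
        return;
      }
      resp.setContentType("text/plain");
      resp.getWriter().println("Authenticated as " + chain[0].getSubjectX500Principal().getName());
    }
  }
}
```

With setWantClientAuth(true) the handshake also succeeds for clients that send no certificate, so the null check in the servlet becomes the enforcement point.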