让java插件使用浏览器证书
我们有一个 java applet,它与运行在 tomcat 上并使用 spring 的 http 调用程序的 spring 应用程序进行通信。
我们希望使用 ssl 和客户端身份验证来保护小程序的安全,我们有一个用于登录的 jsp 页面,成功登录后小程序将加载。
jsp页面使用ssl进行保护,当小程序加载小程序内的http调用程序时,正在进行第二次握手,显然与浏览器握手无关,好吧,我不介意,但我希望java插件使用浏览器证书和客户端证书,但事实并非如此,我必须也使用 java ControlPanel 将客户端证书加载到 java 插件,如果我的服务器的证书是自签名的,那么我还必须将服务器证书加载到 java ControlPanel 和 nrowser。
另一件事是,当小程序开始加载 java 插件时,会弹出一个对话框,询问客户端密钥库密码,我想避免这种情况。
所以得出结论:我希望 java 插件使用浏览器的可信证书和客户端证书,并避免弹出密钥库密码对话框。
我已经用谷歌搜索了两天,但找不到任何关于如何实现这一目标的线索。
我将不胜感激任何帮助。
我使用的是jdk 1.6.0 u23和firefox 3.6.13。
We have a java applet that communicates with a spring application running on tomcat and using spring's http invoker.
We want to secure the applet using ssl with client authentication, we have a jsp page for login, after successful login the applet loads.
The jsp page is secured with ssl, when the applet loads the http invoker inside the applet is doing a second handshake apparently not related to the browser handshake, OK, I don't mind that, but I want the java plugin to use browser certificates and client certificates but its not, I have to load the client certificate to the java plugin also using the java ControlPanel, and if my server's certificate is self signed then I have to load the server certificate also to the java ControlPanel and to the nrowser.
Another thing is when the applet starts loading the java plugin pops a dialog asking for the client keystore password, I would like to avoid that.
So to conclude: I would like the java plugin to use the browser's trusted certificates and client certificates, and to avoid the keystore password dialog that pops up.
I have googled for it for two days and can't find any clue of how to accomplish that.
I will appreciate any help.
I'm using jdk 1.6.0 u23 and firefox 3.6.13.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
Java有自己的
keystore数据库来保存这些客户端证书,这是由3个变量控制的;例如;
为了能够使用它,您必须使用
keytool程序(JRE/JDK附带)来转换&将客户端证书添加到密钥库中,< code>here 是有关如何执行此操作的示例。Java has its own
keystoredatabase which holds these client certificates, this is controlled by 3 variables;for example;
To be able to use this, you have to use
keytoolprogram (that comes with JRE/JDK) to convert & add client certificates into the keystore,hereis an example on how to do this.Java 插件文档表示小程序可以访问浏览器密钥库:
http://www.java.net/external?url=http://java.sun.com/javase/6/docs/technotes/ guides/deployment/deployment-guide/keystores.html
但不幸的是,文档很少,我从未尝试这样做。
祝你好运,如果你找到了你的解决方案,请在这里发布!
Java plugin documentation says its possible to applets access the browser keystore:
http://www.java.net/external?url=http://java.sun.com/javase/6/docs/technotes/guides/deployment/deployment-guide/keystores.html
But unfortunaly, the docs are sparse and I never tried to do that.
Good luck and post your solution here if you find it!