Spring Security: I want to turn off SSL to test my application. Does client-cert X.509 authentication require https?
1 Answer
Yes it is necessary. It is also extremely trivial to set it up. Please see:
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/x509.html
22.3 Setting up SSL in Tomcat
There are some pre-generated certificates in the samples/certificate directory in the Spring Security project. You can use these to enable SSL for testing if you don't want to generate your own. The file server.jks contains the server certificate, private key and the issuing certificate authority certificate. There are also some client certificate files for the users from the sample applications. You can install these in your browser to enable SSL client authentication.
To run Tomcat with SSL support, drop the server.jks file into the Tomcat conf directory and add the following connector to the server.xml file:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="${catalina.home}/conf/server.jks"
           keystoreType="JKS" keystorePass="password"
           truststoreFile="${catalina.home}/conf/server.jks"
           truststoreType="JKS" truststorePass="password"
/>
clientAuth can also be set to want if you still want SSL connections to succeed even if the client doesn't provide a certificate. Clients which don't present a certificate won't be able to access any objects secured by Spring Security unless you use a non-X.509 authentication mechanism, such as form authentication.
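An added example (not part of the answer or of the Spring Security documentation): a small Python check that reads a server.xml and reports, for each SSL-enabled connector, how clientAuth is set and whether the sample test settings quoted above are still in place. The second connector, its keystore path and its password are constructed for comparison, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the connector from the answer above, plus a
# hypothetical second connector with weaker settings for comparison.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS"
               keystoreFile="${catalina.home}/conf/server.jks"
               keystoreType="JKS" keystorePass="password"
               truststoreFile="${catalina.home}/conf/server.jks"
               truststoreType="JKS" truststorePass="password" />
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="want" sslProtocol="TLS"
               keystoreFile="${catalina.home}/conf/prod.jks" keystorePass="s3cret-constructed" />
    <Connector port="8080" protocol="HTTP/1.1" />
  </Service>
</Server>
"""

def audit_connectors(server_xml):
    """Return {port: [findings]} for every SSL-enabled Connector (hypothetical helper)."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP: no TLS handshake, so no client certificate
        findings = []
        mode = conn.get("clientAuth", "false").lower()
        if mode == "true":
            findings.append("client-cert: required at handshake")
        elif mode == "want":
            findings.append("client-cert: optional, application must reject unauthenticated users")
        else:
            findings.append("client-cert: not requested by the connector")
        if mode in ("true", "want") and not conn.get("truststoreFile"):
            findings.append("no truststoreFile: CA store for validating client certificates is not named")
        if "password" in (conn.get("keystorePass"), conn.get("truststorePass")):
            findings.append("sample store password 'password' in use: test-only setting")
        report[conn.get("port")] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        for finding in findings:
            print(port, finding)
```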