<a name="wp377047"> </a><p class="pBody">In this example, the keystore file (<code class="cCode">keystore.jks</code>) and the trust-store file (<code class="cCode">cacerts.jks</code>) have already been created for a generic <code class="cCode">localhost</code> and are included with the J2EE 1.4 Application Server in the directory <code class="cCode"><</code><code class="cVariable">J2EE_HOME</code><code class="cCode">>/domains/domain1/config/</code>. These files were created using the following steps, which are discussed in more detail in <a href="Security6.html#wp80737">Setting Up Digital Certificates</a>.</p><div class="pSmartList1"><ol type="1" class="pSmartList1"><a name="wp157388"> </a><div class="pSmartList1"><li>Create a server certificate in the file <code class="cCode">keystore.jks</code>.</li></div><a name="wp157396"> </a><div class="pSmartList1"><li>Export the certificate. </li></div><a name="wp157426"> </a><div class="pSmartList1"><li>Import the certificate into the trust-store, <code class="cCode">cacerts.jks</code>.</li></div><a name="wp157434"> </a><div class="pSmartList1"><li>Create a client certificate in the client keystore.</li></div><a name="wp157435"> </a><div class="pSmartList1"><li>Export the certificate. </li></div><a name="wp157437"> </a><div class="pSmartList1"><li>Import the certificate into the trust-store, <code class="cCode">cacerts.jks</code>.</li></div></ol></div><a name="wp153397"> </a><h4 class="pHeading3">Modifying the Build Properties</h4><a name="wp153398"> </a><p class="pBody">To build and run the application with mutual authentication, we have set up the example so that some of the values are passed to the application from various <code class="cCode">build.properties</code> files. 
</p><a name="wp249213"> </a><p class="pBody">To run any of the examples, you need to modify the <code class="cCode">build.properties</code> file located in the <code class="cVariable">&lt;INSTALL&gt;/</code><code class="cCode">j2eetutorial14/examples/common/</code> directory to provide the location where the J2EE 1.4 Application Server is installed. If you need more information, see <a href="WebApp3.html#wp213795">Setting Up To Build and Deploy Tutorial Examples</a>.</p><a name="wp253036"> </a><p class="pBody">For this example, the <code class="cCode">build.properties</code> file that is specific to this application, <code class="cVariable">&lt;INSTALL&gt;/</code><code class="cCode">j2eetutorial14/examples/security/common/build.properties</code>, has been modified for you. This file gives the <code class="cCode">asant</code> targets that we will run later the settings they need for the JAX-RPC examples: the location of the keystore and trust-store files and their associated passwords. </p><a name="wp253040"> </a><p class="pBody">Make sure that the following properties exist and are correctly defined. </p><div class="pPreformattedRelative"><pre class="pPreformattedRelative">trust.store=${j2ee.home}/domains/domain1/config/cacerts.jks
trust.store.password=changeit
key.store=${j2ee.home}/domains/domain1/config/keystore.jks
key.store.password=changeit<a name="wp253044"> </a></pre></div><a name="wp153480"> </a><h4 class="pHeading3">Setting Security Properties in the Client Code</h4><a name="wp153482"> </a><p class="pBody">The source code for the client is in the <code class="cCode">HelloClient.java</code> file of the <code class="cCode"><</code><code class="cVariable">INSTALL</code><code class="cCode">>/j2eetutorial14/examples/security/mutualauthclient/src/</code> directory. For mutual authentication, the client code must set several security-related properties. 
These values are passed into the client code when the <code class="cCode">asant</code> <code class="cCode">build</code> and <code class="cCode">run</code> tasks are executed.</p><div class="pSmartList1"><ul class="pSmartList1"><a name="wp153483"> </a><div class="pSmartList1"><li><code class="cCode">trustStore</code>. The value of the <code class="cCode">trustStore</code> property is the fully qualified name of the trust-store file: <code class="cCode"><</code><code class="cVariable">J2EE_HOME</code><code class="cCode">>/domains/domain1/config/cacerts.jks</code></li></div><a name="wp153484"> </a><div class="pSmartList1"><li><code class="cCode">trustStorePassword</code>. The <code class="cCode">trustStorePassword</code> property is the password of the trust-store. The default value of this password is <code class="cCode">changeit</code>. </li></div><a name="wp157487"> </a><div class="pSmartList1"><li><code class="cCode">keyStore</code>. The value of the <code class="cCode">keyStore</code> property is the fully qualified name of the keystore file: <code class="cCode"><</code><code class="cVariable">J2EE_HOME</code><code class="cCode">>/domains/domain1/config/keystore.jks</code></li></div><a name="wp157478"> </a><div class="pSmartList1"><li><code class="cCode">keyStorePassword</code>. The <code class="cCode">keyStorePassword</code> property is the password of the keystore. The default value of this password is <code class="cCode">changeit</code>. </li></div><a name="wp157479"> </a><div class="pSmartList1"><li><code class="cCode">ENDPOINT_ADDRESS_PROPERTY</code>. The <code class="cCode">endpointAddress</code> property sets the endpoint address that the stub uses to access the service.</li></div></ul></div><a name="wp153491"> </a><p class="pBody">The client sets the aforementioned security properties as shown in the code below. 
The code in <span style="font-weight: bold">bold</span> is the code that has been added to the original version of the <code class="cCode">jaxrpc/staticstub</code> example application. </p><div class="pPreformattedRelative"><pre class="pPreformattedRelative">package mutualauthclient;

import javax.xml.rpc.Stub;

public class HelloClient {
    public static void main(String[] args) {
<code class="cCodeBold">        if (args.length != 5) {
            System.out.println("HelloClient Error: Need 5 runtime arguments!");
            System.exit(1);
        }

        String keyStore = args[0];
        String keyStorePassword = args[1];
        String trustStore = args[2];
        String trustStorePassword = args[3];
        String endpointAddress = args[4];

        // print to display for verification purposes
        System.out.println("keystore: " + keyStore);
        System.out.println("keystorePassword: " + keyStorePassword);
        System.out.println("trustStore: " + trustStore);
        System.out.println("trustStorePassword: " + trustStorePassword);
        System.out.println("Endpoint address: " + endpointAddress);</code>

        try {
            Stub stub = createProxy();
<code class="cCodeBold">            // JSSE reads these JVM-wide properties when the SSL connection is set up
            System.setProperty("javax.net.ssl.keyStore", keyStore);
            System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
            System.setProperty("javax.net.ssl.trustStore", trustStore);
            System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
            stub._setProperty(
                javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY,
                endpointAddress);</code>

            HelloIF hello = (HelloIF)stub;
            System.out.println(hello.sayHello("Duke! ( secure!"));
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    private static Stub createProxy() {
        // Note: MySecureHelloService_Impl is implementation-specific.
        return (Stub)(new MySecureHelloService_Impl().getHelloIFPort());
    }
}<a name="wp153492"> </a></pre></div><a name="wp129183"> </a><h4 class="pHeading3">Enabling Mutual Authentication over SSL</h4><a name="wp129186"> </a><p class="pBody">The two ways of implementing client authentication are discussed in <a href="Security6.html#wp148545">Enabling Mutual Authentication Over SSL</a>. You can set client authentication for all applications (by specifying this in the deployment descriptor for the server) or for just a single application (by specifying this in the deployment descriptor for the application). For this example, we are enabling client authentication for this application only, so we specify the login authentication method as being <code class="cCode">Client Certificate</code>. The steps for adding Client Certificate authentication are shown in <a href="Security7.html#wp395412">Adding Client Certificate Authentication using deploytool</a>.</p><a name="wp166644"> </a><p class="pBody">For more information on login configuration options, read <a href="Security5.html#wp182253">Using Login Authentication</a>.</p><a name="wp222293"> </a><p class="pBody">The user authentication method specifies a client-certificate method of authentication in this example. For this authentication to run over SSL, we also need to specify which type of transport guarantee to use. For this example, we have chosen CONFIDENTIAL, which is specified in the Network Security Requirement field on the Security tabbed pane in <code class="cCode">deploytool</code>. </p><a name="wp160040"> </a><p class="pBody">For more information on this type of constraint, read <a href="Security4.html#wp159100">Specifying a Secure Connection</a>.</p><a name="wp395388"> </a><h4 class="pHeading3">Build, Package, Deploy, and Run the Mutual Authentication Example</h4><a name="wp153605"> </a><p class="pBody">To build, deploy, and run the JAX-RPC service example with mutual authentication, follow these steps. 
</p><a name="wp395393"> </a><h5 class="pHeading4">Build the Mutual Authentication Example</h5><a name="wp395430"> </a><p class="pBody">To compile the application files and copy them to the correct directories, run the <code class="cCode">asant</code> <code class="cCode">build</code> task. More information on what happens when the <code class="cCode">build</code> task is called can be found in <a href="JAXRPC4.html#wp79980">Building the Service</a>.</p><div class="pSmartList1"><ol type="1" class="pSmartList1"><a name="wp153606"> </a><div class="pSmartList1"><li>If you haven't already done so, follow these steps for setting up the example. </li></div><div class="pSmartList2"><ul class="pSmartList2"><a name="wp153618"> </a><div class="pSmartList2"><li><a href="Security6.html#wp142440">Configuring the SSL Connector</a>.</li></div><a name="wp153622"> </a><div class="pSmartList2"><li><a href="WebApp3.html#wp213795">Setting Up To Build and Deploy Tutorial Examples</a>.</li></div></ul></div><a name="wp153623"> </a><div class="pSmartList1"><li>Go to the <code class="cCode"><</code><code class="cVariable">INSTALL</code><code class="cCode">>/j2eetutorial14/examples/security/mutualauth/ </code>directory.</li></div><a name="wp153624"> </a><div class="pSmartList1"><li>Build the JAX-RPC service by entering the following at the terminal window or command prompt in the <code class="cCode">mutualauth/</code> directory (this and the following steps that use <code class="cCode">asant</code> assume that you have the executable for <code class="cCode">asant</code> in your path: if not, you will need to provide the fully-qualified path to the <code class="cCode">asant</code> executable):</li></div><a name="wp153625"> </a><p class="pBodyRelative"><code class="cCode"> asant build</code></p><a name="wp395400"> </a><div class="pSmartList1"><li>Change to the directory <code class="cCode"><</code><code class="cVariable">INSTALL</code><code 
class="cCode">>/j2eetutorial14/examples/security/mutualauthclient/.</code></li></div><a name="wp395401"> </a><div class="pSmartList1"><li>Build the JAX-RPC client by entering the following at the terminal window or command prompt:</li></div><a name="wp395402"> </a><p class="pBodyRelative"><code class="cCode"> asant build</code></p></ol></div><a name="wp299399"> </a><h5 class="pHeading4">Package the Mutual Authentication Example</h5><a name="wp395419"> </a><p class="pBody">You can package the mutual authentication example using <code class="cCode">deploytool</code>, or just open the WAR file located in the <code class="cCode"><</code><code class="cVariable">INSTALL</code><code class="cCode">>/j2eetutorial14/examples/security/provided-wars/mutualauth.WAR</code> file. This section shows the steps you use to package the JAX-RPC service. </p><div class="pSmartList1"><ol type="1" class="pSmartList1"><a name="wp395394"> </a><div class="pSmartList1"><li>Start <code class="cCode">deploytool</code> if you haven't already done so. </li></div><a name="wp395425"> </a><div class="pSmartList1"><li>Select File<span style="font-family: Symbol"><img src="images/arrwrite.gif" border="0" alt="Right Arrow"></span>New<span style="font-family: Symbol"><img src="images/arrwrite.gif" border="0" alt="Right Arrow"></span>Web Component from the <code class="cCode">deploytool</code> menu. The wizard displays the following dialog boxes.</li></div><div class="pSmartList2"><ol type="a" class="pSmartList2"><a name="wp395448"> </a><div class="pSmartList2"><li>Introduction dialog box </li></div>
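Relating to the keystore and trust-store files that HelloClient is given in Setting Security Properties in the Client Code earlier on this page: the following is an added example, not code from the tutorial or the Application Server, that checks both stores before the client is run. The class name StoreCheck and its two helper methods are assumptions, it is written for a current JDK (Java 7 or later), it takes the same first four arguments as HelloClient without printing the passwords, and with no arguments it runs against empty in-memory stores to show the failure case.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added example (hypothetical class): pre-flight check of the stores passed to HelloClient.
public class StoreCheck {
    // Loads a JKS store from a file, or creates an empty in-memory store when path is null.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        if (path == null) { ks.load(null, password); return ks; }
        try (InputStream in = new FileInputStream(path)) { ks.load(in, password); }
        return ks;
    }

    // Returns the problems found. wantKey is true for the keystore (it must hold a
    // private key entry) and false for the trust-store (it must hold a trusted certificate).
    static List<String> check(String label, KeyStore ks, boolean wantKey) throws Exception {
        List<String> problems = new ArrayList<>();
        int matching = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean hit = wantKey ? ks.isKeyEntry(alias) : ks.isCertificateEntry(alias);
            if (!hit) continue;
            matching++;
            Certificate c = ks.getCertificate(alias);
            try {
                // Expired or not-yet-valid certificates make the SSL handshake fail later.
                if (c instanceof X509Certificate) ((X509Certificate) c).checkValidity();
            } catch (CertificateException e) {
                problems.add(label + ": '" + alias + "' is not valid now (" + e.getMessage() + ")");
            }
        }
        if (matching == 0)
            problems.add(label + ": no " + (wantKey ? "private key" : "trusted certificate") + " entry");
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Argument order as in HelloClient: keyStore, keyStorePassword, trustStore,
        // trustStorePassword. Without arguments, constructed empty stores are checked.
        boolean files = args.length >= 4;
        KeyStore key = load(files ? args[0] : null, files ? args[1].toCharArray() : null);
        KeyStore trust = load(files ? args[2] : null, files ? args[3].toCharArray() : null);
        List<String> problems = check("keystore", key, true);
        problems.addAll(check("trust-store", trust, false));
        for (String p : problems) System.out.println("PROBLEM " + p);
        System.out.println(problems.isEmpty() ? "stores look usable" : problems.size() + " problem(s)");
    }
}
```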