[jetty-users] Client certificate authentication per handler

Hi,

I'm using Jetty embedded and I have an SslSelectChannelConnector. When I set needClientAuth to true it works well, but it is set for all handlers.
But now I would like to use 2 handlers: the first one will use client cert auth, and if it fails the second one will work with a different login system. And I can only have one port open for SSL. I found ClientCertAuthenticator but I'm unable to make it work:

ClientCertAuthenticator authenticator = new ClientCertAuthenticator();
authenticator.setTrustStore("truststore_path");
authenticator.setTrustStorePassword("changeit");
authenticator.setValidateCerts(true);
Constraint constraint = new Constraint();
constraint.setName(Constraint.__CERT_AUTH);
constraint.setAuthenticate(true);
ConstraintMapping constraintMapping = new ConstraintMapping();
constraintMapping.setConstraint(constraint);
constraintMapping.setPathSpec("/scads");
ConstraintSecurityHandler servHandler = new ConstraintSecurityHandler();
servHandler.setAuthenticator(authenticator);
servHandler.setLoginService(new HashLoginService());
servHandler.addConstraintMapping(constraintMapping);
servHandler.setHandler(myHandler);

Here is a part of what I got on debug:
...
2012-06-26 09:43:49,351 DEBUG [ChannelEndPoint.java:249] : Exception while filling
java.io.IOException: Connection reset by peer
at sun.nio.ch.FileDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:21)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:202)
at sun.nio.ch.IOUtil.read(IOUtil.java:175)
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:243)
at org.eclipse.jetty.io.nio.ChannelEndPoint.fill(ChannelEndPoint.java:230)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.fill(SelectChannelEndPoint.java:309)
at org.eclipse.jetty.io.nio.SslConnection.process(SslConnection.java:325)
at org.eclipse.jetty.io.nio.SslConnection.access$900(SslConnection.java:43)
at org.eclipse.jetty.io.nio.SslConnection$SslEndPoint.flush(SslConnection.java:670)
at org.eclipse.jetty.http.HttpGenerator.flushBuffer(HttpGenerator.java:875)
at org.eclipse.jetty.http.AbstractGenerator.flush(AbstractGenerator.java:438)
at org.eclipse.jetty.server.HttpOutput.flush(HttpOutput.java:94)
at org.eclipse.jetty.server.AbstractHttpConnection$Output.flush(AbstractHttpConnection.java:1006)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:173)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:101)
at org.eclipse.jetty.util.ByteArrayISO8859Writer.writeTo(ByteArrayISO8859Writer.java:102)
at org.eclipse.jetty.server.Response.sendError(Response.java:375)
at org.eclipse.jetty.server.Response.sendError(Response.java:400)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:429)
at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:47)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)
at org.eclipse.jetty.server.Server.handle(Server.java:347)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:451)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:916)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:634)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:230)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76)
at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:191)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:611)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:599)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:534)
at java.lang.Thread.run(Thread.java:662)
2012-06-26 09:43:49,353 DEBUG [SslConnection.java:339] : [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@59c208b0 SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@44908881,g=HttpGenerator{s=2,h=0,b=0,c=-1},p=HttpParser{s=-5,l=4,c=0},r=1} NOT_HANDSHAKING filled=-1/0 flushed=0/0
2012-06-26 09:43:49,353 DEBUG [Server.java:348] : RESPONSE /scads  403
2012-06-26 09:43:49,353 DEBUG [ChannelEndPoint.java:249] : Exception while filling
java.nio.channels.ClosedChannelException
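
An added example, not part of the original post and not Jetty project code: needClientAuth is enforced during the TLS handshake for the whole connector, before any handler is selected, whereas wantClientAuth only requests a certificate, so a handler can check for one and leave the request unhandled for the next handler in a HandlerList. It assumes the Jetty 7.6/8.1 API; the class names, port 8443 and the keystore/truststore paths are placeholders.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;

public class OptionalClientCertServer {
    // Handles the request only if the TLS layer accepted a client certificate.
    static class CertHandler extends AbstractHandler {
        public void handle(String target, Request base, HttpServletRequest req,
                           HttpServletResponse resp) throws IOException {
            // Standard servlet attribute holding the verified client chain, if any.
            X509Certificate[] chain = (X509Certificate[])
                    req.getAttribute("javax.servlet.request.X509Certificate");
            if (chain == null || chain.length == 0) return; // unhandled: next handler runs
            resp.getWriter().println("cert: " + chain[0].getSubjectX500Principal().getName());
            base.setHandled(true);
        }
    }
    // Hypothetical stand-in for the second login system.
    static class FallbackLoginHandler extends AbstractHandler {
        public void handle(String target, Request base, HttpServletRequest req,
                           HttpServletResponse resp) throws IOException {
            resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            resp.getWriter().println("no client certificate, use the other login");
            base.setHandled(true);
        }
    }
    public static void main(String[] args) throws Exception {
        SslSelectChannelConnector connector = new SslSelectChannelConnector();
        connector.setPort(8443); // placeholder port
        connector.getSslContextFactory().setKeyStorePath("keystore_path");   // placeholder
        connector.getSslContextFactory().setKeyStorePassword("changeit");
        connector.getSslContextFactory().setTrustStore("truststore_path");   // placeholder
        connector.getSslContextFactory().setTrustStorePassword("changeit");
        connector.getSslContextFactory().setWantClientAuth(true); // request, do not require
        Server server = new Server();
        server.addConnector(connector);
        HandlerList handlers = new HandlerList(); // tries handlers in order until one handles
        handlers.setHandlers(new Handler[] { new CertHandler(), new FallbackLoginHandler() });
        server.setHandler(handlers);
        server.start();
        server.join();
    }
}
```

A certificate that the client does present is still validated against the truststore during the handshake; the handler only has to treat a missing attribute as "not authenticated by certificate".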
