
Jetty require SSL client certificate by URL

I would like to run a servlet in Jetty on an HTTPS site that requires a client certificate for only part of the site (specific URLs). For example:

https://example.com/someservlet/public - no client cert required
https://example.com/someservlet/protected - client cert required

In Apache I can accomplish this by specifying SSLVerifyClient require inside a <Directory> or <Location> which forces Apache to renegotiate the SSL connection after the request is made.

I do not want to run Jetty embedded in anything else, just standalone. Is this possible? Can a Servlet cause this directly somehow? Can it be done via configuration?

asked Jan 14 '11 16:01 by slushpupie



1 Answer

As far as I know you can only specify the SSL options on a per-port basis.

Even if you could, the configuration you are trying to achieve is problematic, as it needs SSL renegotiation, which was changed about a year ago because of a security vulnerability. The new method for performing an SSL renegotiation is therefore only supported by newer clients, and sometimes even if it is supported it does not work because of bugs.

My recommendation for an easy workaround: Configure Jetty to listen on two SSL ports: For example on 443 without HTTPS Client auth and on 8443 with HTTPS client auth required. Then make your protected servlet only available on 8443. This is not a nice solution but 100% robust, works with Jetty and with all clients.

answered Oct 01 '22 11:10 by Robert
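The two-port layout the answer recommends, written out as an added example (it is not code from the answer or from the Jetty project). It uses Jetty 9.4's embedded API because that is the clearest way to show the two connectors; a standalone Jetty install constructs the same `ServerConnector`, `SslConnectionFactory` and `SslContextFactory` objects from its XML configuration, so the settings carry over. Assumptions: keystore and truststore paths and the `changeit` passwords are placeholders, the truststore holds only the CA that issues client certificates, and the connector names `public` and `protected` are arbitrary. The protected servlet additionally checks for the certificate attribute itself, so that a misbinding of the servlet onto the wrong connector fails closed instead of serving the protected content without a client certificate.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class TwoPortJetty {

    // One TLS connector. With needClientAuth=true the handshake itself fails
    // unless the client presents a certificate chaining to the truststore,
    // so no request ever reaches a servlet without a verified client cert.
    static ServerConnector tlsConnector(Server server, String name, int port, boolean needClientAuth) {
        SslContextFactory.Server ssl = new SslContextFactory.Server();
        ssl.setKeyStorePath("/etc/jetty/server-keystore.p12");           // assumed path
        ssl.setKeyStorePassword("changeit");                              // placeholder
        ssl.setTrustStorePath("/etc/jetty/client-ca-truststore.p12");    // assumed: client-cert CA only
        ssl.setTrustStorePassword("changeit");                            // placeholder
        ssl.setNeedClientAuth(needClientAuth);

        HttpConfiguration httpConfig = new HttpConfiguration();
        httpConfig.setSecureScheme("https");
        httpConfig.setSecurePort(port);
        // SecureRequestCustomizer populates javax.servlet.request.X509Certificate
        httpConfig.addCustomizer(new SecureRequestCustomizer());

        ServerConnector connector = new ServerConnector(server,
                new SslConnectionFactory(ssl, "http/1.1"),
                new HttpConnectionFactory(httpConfig));
        connector.setPort(port);
        connector.setName(name); // matched by the "@name" virtual host below
        return connector;
    }

    public static class PublicServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            resp.setContentType("text/plain");
            resp.getWriter().println("public content, no client certificate needed");
        }
    }

    public static class ProtectedServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            // Defence in depth: refuse if this servlet was ever reached over a
            // connector that did not require a client certificate.
            X509Certificate[] chain =
                    (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
            if (chain == null || chain.length == 0) {
                resp.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate required");
                return;
            }
            resp.setContentType("text/plain");
            resp.getWriter().println("hello " + chain[0].getSubjectX500Principal().getName());
        }
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server();
        server.addConnector(tlsConnector(server, "public", 443, false));
        server.addConnector(tlsConnector(server, "protected", 8443, true));

        // "@connectorName" virtual hosts bind a context to one connector only,
        // so /someservlet/protected simply does not exist on port 443.
        ServletContextHandler pub = new ServletContextHandler();
        pub.setContextPath("/someservlet");
        pub.setVirtualHosts(new String[] { "@public" });
        pub.addServlet(PublicServlet.class, "/public");

        ServletContextHandler prot = new ServletContextHandler();
        prot.setContextPath("/someservlet");
        prot.setVirtualHosts(new String[] { "@protected" });
        prot.addServlet(ProtectedServlet.class, "/protected");

        ContextHandlerCollection contexts = new ContextHandlerCollection();
        contexts.addHandler(pub);
        contexts.addHandler(prot);
        server.setHandler(contexts);

        server.start();
        server.join();
    }
}
```

Because the client-certificate requirement is enforced by the connector during the TLS handshake, no renegotiation is involved, which is exactly why this layout avoids the renegotiation problem the answer describes. Keep the truststore on the 8443 connector limited to the CA that issues your client certificates; any certificate chaining to a CA in that truststore will pass the handshake.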