Java Applet 不断要求身份验证

【问题标题】:Java Applet Constantly Asks for AuthenticationJava Applet 不断要求身份验证
【发布时间】:2014-04-02 20:11:12
【问题描述】:

在 Weblogic 10 上有一个 ADF 应用程序,偶尔可以访问 Java 小程序。 Java 小程序在需要时加载,在不需要时不加载。该小程序当前位于 public_html/applet 文件夹中。

当我们将 SSL 配置设置为需要客户端证书时,当 Java 小程序加载时,它会不断要求客户端证书:

请求身份验证 需要鉴定。请选择用于身份验证的证书。

这对用户来说很烦人,Java Applet 不需要身份验证。有什么方法可以禁用身份验证或删除提示?

这是嵌入的小程序代码:

编辑:我已经尝试过的事情:

1) 将 Applet 设置为 HTTP 而不是 HTTPS;我收到有关混合内容的警告,但仍会弹出身份验证。

2) 创建了一个只在控制台中输入“HELLO WORLD”的最小小程序,仍然会弹出身份验证

这是控制台窗口:

Java Plug-in 1.6.0_35
Using JRE version 1.6.0_35-b10 Java HotSpot(TM) Client VM
User home directory = C:\Users\mfan

security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
basic: Added progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@1df073d
basic: Plugin2ClassLoader.addURL parent called for https://192.168.130.99/app/applet/HelloWorld.jar
network: Cache entry not found [url: https://192.168.130.99/app/applet/HelloWorld.jar, version: null]

network: Connecting https://192.168.130.99/app/applet/HelloWorld.jar with proxy=DIRECT
network: Connecting http://192.168.130.99:443/ with proxy=DIRECT
security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loading SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
security: Loaded SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loading Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
security: Loaded Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
security: Checking if certificate is in Deployment denied certificate store
security: Checking if certificate is in Deployment session certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
security: KeyUsage does not allow digital signatures
(and here's where the prompt comes up).

【问题讨论】:

    标签: applet weblogic authentication


    【解决方案1】:

    您说您的小程序不需要客户端身份验证,因此您可以将小程序 jar 放在 http 位置。然后你必须为这个 http 位置指定 codebase 参数。例如,如果您将 jar 作为资源放在 

    @987654321@
    你可以指定: 
    codebase = http://public.test/somewhere/
archive = myApplet.jar

    但是我认为这可能是一个配置问题,您可以配置您的 Web 服务器以请求客户端证书身份验证,可选地在小程序位置上不需要。

    希望这会有所帮助,

    编辑:

    您可以将您的 webLogic 放在代理(如 apache http 服务器)后面,这是一个配置代理以仅在特定位置要求客户端证书。 apache http 服务器案例的配置示例如下所示:

    ##
## SSL Virtual Host Context
##
<VirtualHost myHost:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile conf/server.crt
    SSLCertificateKeyFile conf/server.key
    SSLVerifyClient none
    SSLVerifyDepth 10
    SSLOptions +StdEnvVars +ExportCertData

    JkMount /myWeb loadBalancer
    JkMount /myWeb/* loadBalancer

    <Location /myWeb/login/certificateLoginLocation>

        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCACertificateFile conf/trustedCA.cer
        SSLVerifyClient optional
        SSLVerifyDepth 10
        SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate

        RewriteEngine on
        RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
        RewriteRule .* http://myHost/myWeb/accesForbbiden.htm

    </Location> 


</VirtualHost>

    【讨论】:

    • 这就是我的想法,但有没有办法将特定路径配置为不属于客户端身份验证的一部分?我们没有可以将小程序链接到的单独服务器/url。我们正在使用 WebLogic。
    • 我尝试在答案中回复您的评论。
    【解决方案2】:

    好吧,我不确定 weblogic,我正在使用 jboss,我知道没有办法做到这一点。

    所以我们所做的就是在前面安装一个 apache,作为反向代理

    和配置看起来

    听 vgw_mgmt:443 文档根目录 /srv/www/ SSLEngine 开启 SSLCipherSuite 高 SSLProtocol all -SSLv2 SSLOptions +ExportCertData +StdEnvVars SSLCertificateFile /etc/httpd/ssl/server-mgmt.pem SSLCertificateKeyFile /etc/httpd/ssl/server-mgmt.key SSL验证深度 3 SSLCACertificateFile /etc/httpd/ssl/trustedca-mgmt.pem SSLVerifyClient 无 ProxyPass /webmgr/ ajp://webapps:8009/webmgr/ SSLVerifyClient 可选 位置> SSLVerifyClient 无 位置> 虚拟主机>

    所以,每当用户点击https : // pro xy /webmgr/ 时,都会提示客户端身份验证(我们使用“可选”而不是“必需”的原因是因为我们想要显示漂亮的错误页面告诉客户您需要提供证书才能登录)

    而且,我的小程序存储在 /webmgr/javascript/applet.jar 中

    所以当小程序加载时

    <applet archive="applet.jar" codebase="/webmgr/javascript/" name="jsapplet" id="jsapplet" code="myapps.mylittleprogram" height="1" width="1"></applet>

    它将跳过客户端身份验证。

    【讨论】:

      【解决方案3】:

      由于我们的应用程序在 http 和 https 上,我只是将存档设置为 http://,现在它可以正常工作了。

      【讨论】:

        猜你喜欢
        • 2019-12-02
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2021-12-09
        • 2016-09-16
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        相关资源
        最近更新 更多
        热门标签
        Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode