4 Replies Latest reply on May 21, 2009 11:10 AM by brett_brettl

    Jetty Component and Client Certificate Authentication

    brett_brettl

      I was wondering how to enforce client certificate authentication when I use the Jetty component? I know that if I want to set up an HTTPS endpoint in my Camel route I would do the following in my Camel context file to indicate where my certificate is:

       

       

       

      Is there some other property that I would set to indicate that I require a client certificate? Also is there a separate property that I would use to indicate my trust store? Thanks.

       

      Brett

        • 1. Re: Jetty Component and Client Certificate Authentication
          stlewis

          Hi Brett,

           

          Unfortunately it looks like there aren't getters/setters for all of the configurable properties of the Jetty SSL socket connector class, just a subset, so this can't be configured via the Spring XML. I've raised this as an improvement for you though (MR-166), so it's on our radar.

          • 2. Re: Jetty Component and Client Certificate Authentication
            janstey

            We also allow the SSL socket connector to be set as a property, giving you full control over the Jetty configuration. For instance, you can try something like this:

             

              <bean id="jetty" class="org.apache.camel.component.jetty.JettyHttpComponent">
                <property name="sslSocketConnector">
                  <bean class="org.mortbay.jetty.security.SslSocketConnector">
                    <property name="password" value="..."></property>
                    <property name="keyPassword" value="..."></property>
                    <property name="keystore" value="..."></property>
                    <property name="wantClientAuth" value="..."></property>
                    <property name="truststore" value="..."></property>
                  </bean>
                </property>
              </bean>  
            

             

            Cheers,

            Jon

            • 3. Re: Jetty Component and Client Certificate Authentication
              brett_brettl

              Thanks for the information. I have tried changing my configuration to:

               

                 

               

              To test it I just tried to access the web page with my browser. When I do this I get the notification that the server is using a certificate, but the server does not throw an error indicating that the client did not send a certificate. Instead it allows my browser to send its GET request, which doesn't do anything. Is there anything else I am missing?

               

              Brett

              • 4. Re: Jetty Component and Client Certificate Authentication
                brett_brettl

                I figured out that you can use the property needClientAuth instead of wantClientAuth. When I used "want" I could still make connections to my server without the client providing a certificate, but once I changed to "need" it worked just fine.

                 

                  <bean id="jetty" class="org.apache.camel.component.jetty.JettyHttpComponent">
                    <property name="sslSocketConnector">
                      <bean class="org.mortbay.jetty.security.SslSocketConnector">
                        <property name="password" value="..."></property>
                        <property name="keyPassword" value="..."></property>
                        <property name="keystore" value="..."></property>
                        <property name="needClientAuth" value="true"></property>
                        <property name="truststore" value="..."></property>
                      </bean>
                    </property>
                  </bean>
                

                 

                Brett
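
An added example, not part of the thread and not Camel or Jetty code: a small Python audit that reads Spring XML and reports, for each SslSocketConnector bean, whether client certificates are required (needClientAuth), only requested (wantClientAuth) or not requested at all. The function names, the wording of the findings and the sample values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Connector class named in the thread's Spring configuration.
CONNECTOR = "org.mortbay.jetty.security.SslSocketConnector"

def local(tag):
    """Drop any XML namespace so namespaced Spring files match too."""
    return tag.rsplit("}", 1)[-1]

def bean_props(bean):
    """Map property name -> value attribute for a bean's direct <property> children."""
    return {c.get("name"): (c.get("value") or "").strip()
            for c in bean if local(c.tag) == "property"}

def audit(xml_text):
    """Return one (mode, findings) pair per SslSocketConnector bean found."""
    results = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "bean" or el.get("class") != CONNECTOR:
            continue
        p = bean_props(el)
        # Assumption: only the literal "true" (any case) counts as enabled.
        need = p.get("needClientAuth", "").lower() == "true"
        want = p.get("wantClientAuth", "").lower() == "true"
        mode = "required" if need else "optional" if want else "none"
        findings = []
        if mode == "optional":
            findings.append("wantClientAuth only: clients without a certificate still connect")
        elif mode == "none":
            findings.append("no client certificate is requested")
        if mode != "none" and not p.get("truststore"):
            findings.append("no explicit truststore: confirm which store validates client certificates")
        results.append((mode, findings))
    return results

# Constructed sample: the thread's "want" and "need" variants, placeholder values.
BEAN = """<bean class="org.apache.camel.component.jetty.JettyHttpComponent">
  <property name="sslSocketConnector">
    <bean class="org.mortbay.jetty.security.SslSocketConnector">
      <property name="keystore" value="PLACEHOLDER-keystore.jks"/>
      <property name="%s" value="true"/>
      <property name="truststore" value="PLACEHOLDER-truststore.jks"/>
    </bean>
  </property>
</bean>"""
SAMPLE = "<beans>%s%s</beans>" % (BEAN % "wantClientAuth", BEAN % "needClientAuth")

if __name__ == "__main__":
    for mode, findings in audit(SAMPLE):
        print(mode, findings)
```

Run against a real context file by passing its contents to `audit()`; any bean reported as "optional" or "none" accepts clients that present no certificate.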