-
1. Re: Jetty Component and Client Certificate Authentication
stlewis Apr 22, 2009 4:47 PM (in response to brett_brettl)
Hi Brett,
Unfortunately it looks like there aren't getters/setters for all of the configurable properties of the Jetty SSL socket connector class, just a subset, so this can't be configured via the Spring XML. I've raised this as an improvement for you though (MR-166), so it's on our radar.
-
2. Re: Jetty Component and Client Certificate Authentication
janstey Apr 23, 2009 7:46 AM (in response to brett_brettl)
We also allow the SSL socket connector to be set as a property, giving you full control over the Jetty configuration. For instance, you can try something like this:

<bean id="jetty" class="org.apache.camel.component.jetty.JettyHttpComponent">
  <property name="sslSocketConnector">
    <bean class="org.mortbay.jetty.security.SslSocketConnector">
      <property name="password" value="..."></property>
      <property name="keyPassword" value="..."></property>
      <property name="keystore" value="..."></property>
      <property name="wantClientAuth" value="..."></property>
      <property name="truststore" value="..."></property>
    </bean>
  </property>
</bean>

Cheers,
Jon
-
3. Re: Jetty Component and Client Certificate Authentication
brett_brettl Apr 24, 2009 12:46 PM (in response to janstey)
Thanks for the information. I have tried changing my configuration to:
To test it I just tried to access the web page with my browser. When I do this I get the notification that the server is using a certificate, but the server does not throw an error indicating that the client did not send a certificate. Instead it allows my browser to send its get request which doesn't do anything. Is there anything else I am missing?
Brett
-
4. Re: Jetty Component and Client Certificate Authentication
brett_brettl May 21, 2009 11:10 AM (in response to brett_brettl)
I figured out that you can use the property needClientAuth instead of wantClientAuth. When I used "want" I could still make connections to my server without the client providing a certificate, but once I changed to "need" it worked just fine.

<bean id="jetty" class="org.apache.camel.component.jetty.JettyHttpComponent">
  <property name="sslSocketConnector">
    <bean class="org.mortbay.jetty.security.SslSocketConnector">
      <property name="password" value="..."></property>
      <property name="keyPassword" value="..."></property>
      <property name="keystore" value="..."></property>
      <property name="needClientAuth" value="true"></property>
      <property name="truststore" value="..."></property>
    </bean>
  </property>
</bean>

Brett
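
Added example, not part of the thread and not Camel or Jetty code: a small Python audit that reads a Spring XML file and reports, for each SslSocketConnector bean, whether client certificates are required (needClientAuth), only requested (wantClientAuth), or not asked for at all. The bean ids and the sample configuration are constructed for illustration, and only the value="..." attribute form of a property is handled.

```python
import xml.etree.ElementTree as ET

CONNECTOR = "org.mortbay.jetty.security.SslSocketConnector"
TRUE_VALUES = {"true", "yes", "on", "1"}  # strings Spring converts to boolean true

def local(tag):
    """Drop an XML namespace prefix: '{ns}bean' -> 'bean'."""
    return tag.rsplit("}", 1)[-1]

def client_auth_mode(bean):
    """Classify a connector bean as 'required', 'optional' or 'none'."""
    props = {p.get("name"): (p.get("value") or "").strip().lower()
             for p in bean if local(p.tag) == "property"}
    if props.get("needClientAuth") in TRUE_VALUES:
        return "required"   # handshake fails without a client certificate
    if props.get("wantClientAuth") in TRUE_VALUES:
        return "optional"   # certificate requested, connection allowed without one
    return "none"

def audit(xml_text):
    """Return [(owning bean id, mode)] for each SslSocketConnector bean."""
    results = []
    def walk(node, owner):
        if local(node.tag) == "bean":
            owner = node.get("id") or owner   # inner beans inherit the outer id
            if node.get("class") == CONNECTOR:
                results.append((owner, client_auth_mode(node)))
        for child in node:
            walk(child, owner)
    walk(ET.fromstring(xml_text), "(anonymous)")
    return results

def not_enforced(xml_text):
    """Ids of components whose connector accepts clients without a certificate."""
    return [owner for owner, mode in audit(xml_text) if mode != "required"]

def _bean(bean_id, prop):
    # Constructed sample bean; ids and values are made up for this example.
    return f'''<bean id="{bean_id}" class="org.apache.camel.component.jetty.JettyHttpComponent">
  <property name="sslSocketConnector"><bean class="{CONNECTOR}">
    <property name="{prop}" value="true"/>
  </bean></property>
</bean>'''

SAMPLE = ('<beans xmlns="http://www.springframework.org/schema/beans">'
          + _bean("jettyWant", "wantClientAuth")
          + _bean("jettyNeed", "needClientAuth") + "</beans>")

if __name__ == "__main__":
    for owner, mode in audit(SAMPLE):
        print(f"{owner}: client certificate {mode}")
```

Run against a deployed configuration, any id returned by not_enforced() marks an endpoint that still accepts connections from clients presenting no certificate.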