4 Replies Latest reply on May 21, 2009 11:10 AM by Brett Levasseur

    Jetty Component and Client Certificate Authentication

    Brett Levasseur Newbie

      I was wondering how to enforce client certificate authentication when I use the Jetty component? I know that if I want to setup an https endpoint in my Camel route I would do the following in my Camel context file to indicate where my certificate is:

       

       

       

      Is there some other property that I would set to indicate that I require a client certificate? Also is there a separate property that I would use to indicate my trust store? Thanks.

       

      Brett

        • 1. Re: Jetty Component and Client Certificate Authentication
          Stan Lewis Novice

          Hi Brett,

           

          Unfortunately it looks like there aren't getters/setters for all of the configurable properties of the Jetty SSL socket connector class, just a subset so this can't be configured via the spring XML.  I've raised this as an improvement for you though  MR-166 so it's on our radar.

          • 2. Re: Jetty Component and Client Certificate Authentication
            Jonathan Anstey Novice

            We also allow the ssl socket connector to be set as a property, giving you full control over the Jetty configuration. For instance, you can try something like this

             

              <bean id="jetty" class="org.apache.camel.component.jetty.JettyHttpComponent">
                <property name="sslSocketConnector">
                  <bean class="org.mortbay.jetty.security.SslSocketConnector">
                    <property name="password" value="..."></property>
                    <property name="keyPassword" value="..."></property>
                    <property name="keystore" value="..."></property>
                    <property name="wantClientAuth" value="..."></property>
                    <property name="truststore" value="..."></property>
                  </bean>
                </property>
              </bean>  
            

             

            Cheers,

            Jon

            • 3. Re: Jetty Component and Client Certificate Authentication
              Brett Levasseur Newbie

              Thanks for the information. I have tried changing my configuration to:

               

                 

               

              To test it I just tried to access the web page with my browser. When I do this I get the notification that the server is using a certificate, but the server does not throw an error indicating that the client did not send a certificate. Instead it allows my browser to send its get request which doesn't do anything. Is there anything else I am missing?

               

              Brett

              • 4. Re: Jetty Component and Client Certificate Authentication
                Brett Levasseur Newbie

                I figured out that you can use the property needClientAuth instead of wantClientAuth. When I used "want" I could still make connections to my server without the client providing a certificate, but once I changed to "need" it worked just fine.

                 

                  <bean id="jetty" class="org.apache.camel.component.jetty.JettyHttpComponent">
                    <property name="sslSocketConnector">
                      <bean class="org.mortbay.jetty.security.SslSocketConnector">
                        <property name="password" value="..."></property>
                        <property name="keyPassword" value="..."></property>
                        <property name="keystore" value="..."></property>
                        <property name="needClientAuth" value="true"></property>
                        <property name="truststore" value="..."></property>
                      </bean>
                    </property>
                  </bean>
                

                 

                Brett