ssl - Spring-Boot client authentication configuration. -
first off, i'm new spring-boot , ssl in general, i've spent several days researching , trying simple spring-boot application configured client authentication.
i've set connector so:
private connector createsslconnector() { connector connector = new connector("org.apache.coyote.http11.http11nioprotocol"); http11nioprotocol protocol = (http11nioprotocol) connector.getprotocolhandler(); try { file keystore = getkeystorefile(); file truststore = keystore; connector.setscheme("https"); connector.setsecure(true); connector.setport(sslport); protocol.setsslenabled(true); protocol.setkeystorefile(keystore.getabsolutepath()); protocol.setkeystorepass("changeit"); protocol.settruststorefile(truststore.getabsolutepath()); protocol.settruststorepass("changeit"); protocol.setkeyalias("apitester"); protocol.setclientauth("need"); return connector; } catch (ioexception ex) { throw new illegalstateexception("cant access keystore: [" + "keystore" + "] or truststore: [" + "keystore" + "]", ex); } }
and controller looks so:
@requestmapping("/test/{identifier}") @responsebody responseentity<string> test(httpservletrequest request, @pathvariable string identifier) { return new responseentity<string>("hello: " + identifier, httpstatus.ok) }
however, once launch application can use browser navigate localhost:sslport/hello/test/xxxx , response without type of client certificate loaded. expecting prompted client certificate.
spring boot uses tomcat (embedded) web container default.
as called out tomcat doc, have set true enforce propagation of valid certificate chain client before accepting connection. setting want allow client provide certificate not absolutely required.
i doubt if "need" makes meaning container.
protocol.setclientauth("need");
Comments
Post a Comment