问题描述
有一种方法让java web应用程序通过http请求获取安装在机器上的安全证书的信息,如果在机器上安装了特定的证书,则选择性地授予访问权限。
Is there a way for a java web app to get information on the security certificates installed on one's machine via a http request and selectively grant access if a particular certifiicate is installed on the machine.
基本上,要求是,web应用程序只能从公司笔记本电脑接收请求,否则必须拒绝访问相应的错误文本。
Basically the requirement is, the web application should entertain request only from a company laptop else must deny access with appropriate error text.
(这些可以是在其计算机上安装了某些证书的笔记本电脑,或者可以来自一组静态ips。)
(These could be win laptops with certain certifcates installed on their machine or they can be from a certain set of static ips.)
推荐答案
是的,这是可能使用HTTPS客户端证书。准确的设置和配置取决于您的应用程序服务器和特定要求,但常见的情况是您创建公司内部CA(证书颁发机构)颁发客户端证书,这些证书可能仅限于特定的客户端IP地址,并配置应用程序服务器HTTPS连接器,以要求客户端证书并信任您自己的CA颁发的证书。
Yes, this is possible using HTTPS client certificates. The exact setup and configuration depends on your application server and specific requirements, but a common scenario woul be that you create a company internal CA (certification authority) to issue the client certificates which may be restricted to specific client IP addresses and configure your application server's HTTPS connector to require a client certificate and to trust certificates issued by your own CA.
完成正确的配置后,客户端证书通过servlet请求属性可用于Web应用程序:
After the proper configuration has been done, the client certificate(s) is/are made available to the web application through a servlet request attribute:
X509Certificate[] certificates = (X509Certificate[])
request.getAttribute("javax.servlet.request.X509Certificate");
这篇关于基于证书和IP的身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!