• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

How to establish the mutual authentication using "client.cer" file

 
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello everyone,

I want to try "mutual authentication" by using "client-cert" method in deployment describer

I follow the Java EE 5 tutorial at
http://java.sun.com/javaee/5/docs/tutorial/doc/bnbxw.html#bnbyi

then I got the client.cer file,

How do I use this file to achieve the "mutual authentication" ?

thank you.
 
mojo lai
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,

if I want to setup mutual authentication by client-cert

I must install certificate in the IE's certificate "Personal" Tab ?

Am I right ?
 
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If the client is using IE, then yes. Not everybody uses IE.
 
mojo lai
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Among Servlet, JSP, JAX-WS, EJB

which component can use "client-cert" authentication ?

only JSP and Servlet ? or ALL?

thank you.
 
greg stark
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Your question is a little difficult for me to answer, because it is so broad, but I'll try.

The APIs and technologies you mention allow for a variety of security possibilities. Also, the JAX-WS tools may be used for building pieces of client-side applications, or even stand-alone applications. For example, you can use the XML schema compiler to create Java classes that are used solely for processing an XML data file. For the most part, however, these are server-side tools and APIs. There are two broad pieces of the security puzzle that are addressed in some way by all. Message security and network connection security. I forget where, but somewhere in the Sun documentation is a nice matrix summarizing these. The network connection security is what is provided by TLS/SSL, and for which the client certificates you have mentioned might by employed. TLS/SSL doesn't care about the content that goes over the connection. It only provides a secure pipe to transfer data between network peers. It will authenticate the server and optionally the client and then encrypt all the data sent. It is with client certificates that the client-side of the connection is authenticated. Message security is concerned with the contents of what is being sent, i.e. the "message". This involves the notions of a sender and a recipient, just like in e-mail. The sender applies security to the message, for example, encryption and digital signatures, and the result is a secured message. This secured message is the sent to the recipient, possibly over SSL or possibly not. It cannot be decrypted by anyone except the recipient. Message security functionality is provided by XML encryption and XML digital signature APIs and tools.

PS. The reference to the Sun docs I referred to above come from the Sun Java Web Services Tutorial, which in turn is from Security Challenges, Threats, and Countermeasures
[ December 15, 2007: Message edited by: greg stark ]
 
Happily living in the valley of the dried frogs with a few tiny ads.
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic