Applet Java小程序不断地请求身份验证_Applet_Weblogic_Authentication

Applet Java小程序不断地请求身份验证

weblogic authentication

Applet Java小程序不断地请求身份验证,applet,weblogic,authentication,Applet,Weblogic,Authentication,在Weblogic 10上有一个ADF应用程序，偶尔可以访问Java小程序。Java小程序在需要时加载，而在不需要时不加载。小程序当前位于public_html/applet文件夹中当我们将SSL配置设置为需要客户端证书时，当Java小程序加载时，它会不断请求客户端证书：请求身份验证需要识别。请选择用于身份验证的证书。这对用户来说很烦人，Java小程序不需要身份验证。我们有没有办法禁用身份验证或删除提示以下是嵌入式小程序代码：编辑：我已经尝试过的事情： 1）在HTTP而不是HTT

在Weblogic 10上有一个ADF应用程序，偶尔可以访问Java小程序。Java小程序在需要时加载，而在不需要时不加载。小程序当前位于public_html/applet文件夹中

当我们将SSL配置设置为需要客户端证书时，当Java小程序加载时，它会不断请求客户端证书：

请求身份验证需要识别。请选择用于身份验证的证书。

这对用户来说很烦人，Java小程序不需要身份验证。我们有没有办法禁用身份验证或删除提示

以下是嵌入式小程序代码：

编辑：我已经尝试过的事情：

1）在HTTP而不是HTTPS上设置小程序；我收到关于混合内容的警告，但仍然会弹出身份验证窗口

2）创建了一个最小的小程序，只在控制台中键入“HELLO WORLD”，仍然可以获得身份验证弹出窗口

这是控制台窗口：

Java Plug-in 1.6.0_35
Using JRE version 1.6.0_35-b10 Java HotSpot(TM) Client VM
User home directory = C:\Users\mfan

security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
basic: Added progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@1df073d
basic: Plugin2ClassLoader.addURL parent called for https://192.168.130.99/app/applet/HelloWorld.jar
network: Cache entry not found [url: https://192.168.130.99/app/applet/HelloWorld.jar, version: null]

network: Connecting https://192.168.130.99/app/applet/HelloWorld.jar with proxy=DIRECT
network: Connecting http://192.168.130.99:443/ with proxy=DIRECT
security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loading SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
security: Loaded SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loading Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
security: Loaded Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
security: Checking if certificate is in Deployment denied certificate store
security: Checking if certificate is in Deployment session certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
security: KeyUsage does not allow digital signatures
(and here's where the prompt comes up).

您说过小程序不需要客户端身份验证，所以您可以将小程序JAR放在http位置。然后，您必须为此http位置指定codebase参数。例如，如果您将jar作为资源放在

http://public.test/somewhere/myApplet.jar

不过，我认为这可能是一个配置问题，您可以将web服务器配置为请求客户端证书身份验证（可选，在小程序位置不需要）

希望这有帮助

编辑：

您可以将webLogic放在代理（如ApacheHTTP服务器）后面，将代理配置为仅在特定位置需要客户端证书。apache http服务器案例的配置示例如下所示：

##
## SSL Virtual Host Context
##
<VirtualHost myHost:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile conf/server.crt
    SSLCertificateKeyFile conf/server.key
    SSLVerifyClient none
    SSLVerifyDepth 10
    SSLOptions +StdEnvVars +ExportCertData

    JkMount /myWeb loadBalancer
    JkMount /myWeb/* loadBalancer

    <Location /myWeb/login/certificateLoginLocation>

        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCACertificateFile conf/trustedCA.cer
        SSLVerifyClient optional
        SSLVerifyDepth 10
        SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate

        RewriteEngine on
        RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
        RewriteRule .* http://myHost/myWeb/accesForbbiden.htm

    </Location> 


</VirtualHost>

##
##SSL虚拟主机上下文
##
斯伦金安
SSLCipherSuite全部：！ADH:！出口56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
sslcertificatefileconf/server.crt
SSLCertificateKeyFile conf/server.key
SSLVERIFYCLENT无
SSLVerifyDepth 10
SSLOptions+StdEnvVars+ExportCertData
JkMount/myWeb负载均衡器
JkMount/myWeb/*负载均衡器
SSLCipherSuite全部：！ADH:！出口56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCACertificateFile conf/trustedCA.cer
SSLVerifyClient可选
SSLVerifyDepth 10
SSLOptions+StdEnvVars+ExportCertData+OptRenegotiate
重新启动发动机
RewriteCond%{SSL:SSL\u CLIENT\u VERIFY}^成功$
重写规则。*http://myHost/myWeb/accesForbbiden.htm

嗯，我对weblogic不太清楚，我正在使用jboss，我知道没有办法做到这一点

所以我们在前面安装了一个apache，作为反向代理

以及配置外观

Listen vgw_mgmt:443 <VirtualHost vgw_mgmt:443> DocumentRoot /srv/www/ SSLEngine on SSLCipherSuite HIGH SSLProtocol all -SSLv2 SSLOptions +ExportCertData +StdEnvVars SSLCertificateFile /etc/httpd/ssl/server-mgmt.pem SSLCertificateKeyFile /etc/httpd/ssl/server-mgmt.key SSLVerifyDepth 3 SSLCACertificateFile /etc/httpd/ssl/trustedca-mgmt.pem SSLVerifyClient none ProxyPass /webmgr/ ajp://webapps:8009/webmgr/ <Location /webmgr/> SSLVerifyClient optional </Location> <Location /webmgr/javascript/> SSLVerifyClient none </Location> </VirtualHost>

它将跳过客户端身份验证

因为我们的应用程序是基于http和https的，所以我只是将存档设置为http://并且现在可以正常工作。

这就是我的想法，但是有没有办法将特定路径配置为不属于客户端身份验证的一部分？我们没有可以链接小程序的单独服务器/url。我们正在使用WebLogic。我试图在回答中回应您的评论。 Listen vgw_mgmt:443 <VirtualHost vgw_mgmt:443> DocumentRoot /srv/www/ SSLEngine on SSLCipherSuite HIGH SSLProtocol all -SSLv2 SSLOptions +ExportCertData +StdEnvVars SSLCertificateFile /etc/httpd/ssl/server-mgmt.pem SSLCertificateKeyFile /etc/httpd/ssl/server-mgmt.key SSLVerifyDepth 3 SSLCACertificateFile /etc/httpd/ssl/trustedca-mgmt.pem SSLVerifyClient none ProxyPass /webmgr/ ajp://webapps:8009/webmgr/ <Location /webmgr/> SSLVerifyClient optional </Location> <Location /webmgr/javascript/> SSLVerifyClient none </Location> </VirtualHost>

<applet archive="applet.jar" codebase="/webmgr/javascript/" name="jsapplet" id="jsapplet" code="myapps.mylittleprogram" height="1" width="1"></applet>