Applet Java小程序不断地请求身份验证
在Weblogic 10上有一个ADF应用程序,偶尔可以访问Java小程序。Java小程序在需要时加载,而在不需要时不加载。小程序当前位于public_html/applet文件夹中 当我们将SSL配置设置为需要客户端证书时,当Java小程序加载时,它会不断请求客户端证书: 请求身份验证 需要识别。请选择用于身份验证的证书。 这对用户来说很烦人,Java小程序不需要身份验证。我们有没有办法禁用身份验证或删除提示 以下是嵌入式小程序代码: 编辑:我已经尝试过的事情: 1) 在HTTP而不是HTTPS上设置小程序;我收到关于混合内容的警告,但仍然会弹出身份验证窗口 2) 创建了一个最小的小程序,只在控制台中键入“HELLO WORLD”,仍然可以获得身份验证弹出窗口 这是控制台窗口:Applet Java小程序不断地请求身份验证,applet,weblogic,authentication,Applet,Weblogic,Authentication,在Weblogic 10上有一个ADF应用程序,偶尔可以访问Java小程序。Java小程序在需要时加载,而在不需要时不加载。小程序当前位于public_html/applet文件夹中 当我们将SSL配置设置为需要客户端证书时,当Java小程序加载时,它会不断请求客户端证书: 请求身份验证 需要识别。请选择用于身份验证的证书。 这对用户来说很烦人,Java小程序不需要身份验证。我们有没有办法禁用身份验证或删除提示 以下是嵌入式小程序代码: 编辑:我已经尝试过的事情: 1) 在HTTP而不是HTT
Java Plug-in 1.6.0_35
Using JRE version 1.6.0_35-b10 Java HotSpot(TM) Client VM
User home directory = C:\Users\mfan
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
basic: Added progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@1df073d
basic: Plugin2ClassLoader.addURL parent called for https://192.168.130.99/app/applet/HelloWorld.jar
network: Cache entry not found [url: https://192.168.130.99/app/applet/HelloWorld.jar, version: null]
network: Connecting https://192.168.130.99/app/applet/HelloWorld.jar with proxy=DIRECT
network: Connecting http://192.168.130.99:443/ with proxy=DIRECT
security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loading SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
security: Loaded SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loading Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
security: Loaded Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
security: Checking if certificate is in Deployment denied certificate store
security: Checking if certificate is in Deployment session certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
security: KeyUsage does not allow digital signatures
(and here's where the prompt comes up).
您说过小程序不需要客户端身份验证,所以您可以将小程序JAR放在http位置。然后,您必须为此http位置指定codebase参数。例如,如果您将jar作为资源放在
http://public.test/somewhere/myApplet.jar
不过,我认为这可能是一个配置问题,您可以将web服务器配置为请求客户端证书身份验证(可选,在小程序位置不需要)
希望这有帮助
编辑:
您可以将webLogic放在代理(如ApacheHTTP服务器)后面,将代理配置为仅在特定位置需要客户端证书。apache http服务器案例的配置示例如下所示:
##
## SSL Virtual Host Context
##
<VirtualHost myHost:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/server.crt
SSLCertificateKeyFile conf/server.key
SSLVerifyClient none
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData
JkMount /myWeb loadBalancer
JkMount /myWeb/* loadBalancer
<Location /myWeb/login/certificateLoginLocation>
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCACertificateFile conf/trustedCA.cer
SSLVerifyClient optional
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
RewriteEngine on
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
RewriteRule .* http://myHost/myWeb/accesForbbiden.htm
</Location>
</VirtualHost>
##
##SSL虚拟主机上下文
##
斯伦金安
SSLCipherSuite全部:!ADH:!出口56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
sslcertificatefileconf/server.crt
SSLCertificateKeyFile conf/server.key
SSLVERIFYCLENT无
SSLVerifyDepth 10
SSLOptions+StdEnvVars+ExportCertData
JkMount/myWeb负载均衡器
JkMount/myWeb/*负载均衡器
SSLCipherSuite全部:!ADH:!出口56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCACertificateFile conf/trustedCA.cer
SSLVerifyClient可选
SSLVerifyDepth 10
SSLOptions+StdEnvVars+ExportCertData+OptRenegotiate
重新启动发动机
RewriteCond%{SSL:SSL\u CLIENT\u VERIFY}^成功$
重写规则。*http://myHost/myWeb/accesForbbiden.htm
嗯,我对weblogic不太清楚,我正在使用jboss,我知道没有办法做到这一点
所以我们在前面安装了一个apache,作为反向代理
以及配置外观
Listen vgw_mgmt:443
<VirtualHost vgw_mgmt:443>
DocumentRoot /srv/www/
SSLEngine on
SSLCipherSuite HIGH
SSLProtocol all -SSLv2
SSLOptions +ExportCertData +StdEnvVars
SSLCertificateFile /etc/httpd/ssl/server-mgmt.pem
SSLCertificateKeyFile /etc/httpd/ssl/server-mgmt.key
SSLVerifyDepth 3
SSLCACertificateFile /etc/httpd/ssl/trustedca-mgmt.pem
SSLVerifyClient none
ProxyPass /webmgr/ ajp://webapps:8009/webmgr/
<Location /webmgr/>
SSLVerifyClient optional
</Location>
<Location /webmgr/javascript/>
SSLVerifyClient none
</Location>
</VirtualHost>
它将跳过客户端身份验证 因为我们的应用程序是基于http和https的,所以我只是将存档设置为http://并且现在可以正常工作。这就是我的想法,但是有没有办法将特定路径配置为不属于客户端身份验证的一部分?我们没有可以链接小程序的单独服务器/url。我们正在使用WebLogic。我试图在回答中回应您的评论。 Listen vgw_mgmt:443 <VirtualHost vgw_mgmt:443> DocumentRoot /srv/www/ SSLEngine on SSLCipherSuite HIGH SSLProtocol all -SSLv2 SSLOptions +ExportCertData +StdEnvVars SSLCertificateFile /etc/httpd/ssl/server-mgmt.pem SSLCertificateKeyFile /etc/httpd/ssl/server-mgmt.key SSLVerifyDepth 3 SSLCACertificateFile /etc/httpd/ssl/trustedca-mgmt.pem SSLVerifyClient none ProxyPass /webmgr/ ajp://webapps:8009/webmgr/ <Location /webmgr/> SSLVerifyClient optional </Location> <Location /webmgr/javascript/> SSLVerifyClient none </Location> </VirtualHost>
<applet archive="applet.jar" codebase="/webmgr/javascript/" name="jsapplet" id="jsapplet" code="myapps.mylittleprogram" height="1" width="1"></applet>