From: Greg W. <gr...@mo...> - 2006-03-28 22:12:50
Mike,

sorry for the slow reply....

I would have thought that JSSE would not have accepted a connection without a client certificate if you have set listener.setNeedClientAuth(true) !!!!

It is a little bit beyond Jetty's control, but if we can confirm that JSSE is allowed to make connections ignoring the need - then I think I will have to explicitly check connections for this in the listener.

However, for now, I would suggest using a filter to check that a client cert attribute exists and reject the request if it does not.

regards

Gerdes, Mike wrote:
> hi all,
>
> I have a problem with the Jetty 6 SslSocketConnector. I am trying to make an http connector that uses SSL, configuration and everything works fine, the server sends the client a certificate also great...everything fine till now, but now I want the client to authenticate itself. The client now sends an invalid certificate and I get an error:
>
> java.lang.IllegalStateException: no client auth
>     at org.mortbay.jetty.security.SslSocketConnector.customize(SslSocketConnectorjava:361)
>     at org.mortbay.jetty.HttpConnection.doHandler(HttpConnection.java:362)
>     at org.mortbay.jetty.HttpConnection.access$1600(HttpConnection.java:46)
>     at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:612)
>     at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:485)
>     at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:194)
>     at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:298)
>     at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:153)
>     at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:412)
>
> Ok this error is ok, but the connection is not dropped. The http request is forwarded and served.
>
> Is this a general error or just my understanding or a wrong implementation configuration?
>
> I hope you can help me to clarify my thoughts.
>
> cya and thanks
>
> mike
>
> p.s. here is my source for the http server (a modified servicemix http-binding component):
>
> --snap--
>
> public void init(ComponentContext cc) throws JBIException {
>     super.init(cc);
>     if (listener == null) {
>         listener = new SslSocketConnector();
>     }
>     listener.setHost(host);
>     listener.setPort(port);
>     listener.setConfidentialPort(port);
>     listener.setNeedClientAuth(true);
>     listener.setPassword("blabla");
>     listener.setKeyPassword("blabla");
>     server = new Server();
>     BoundedThreadPool btp = new BoundedThreadPool();
>     btp.setMaxThreads(getMaxThreads());
>     server.setThreadPool(btp);
> }
>
> /**
>  * start the Component
>  *
>  * @throws JBIException
>  */
> public void start() throws JBIException {
>     server.setConnectors(new Connector[] { listener });
>     ContextHandler context = new ContextHandler();
>     context.setContextPath("/");
>     ServletHolder holder = new ServletHolder();
>     holder.setName("jbiServlet");
>     holder.setClassName(BindingServlet.class.getName());
>     ServletHandler handler = new ServletHandler();
>     handler.setServlets(new ServletHolder[] { holder });
>     ServletMapping mapping = new ServletMapping();
>     mapping.setServletName("jbiServlet");
>     mapping.setPathSpec("/*");
>     handler.setServletMappings(new ServletMapping[] { mapping });
>     context.setHandler(handler);
>     server.setHandler(context);
>     context.setAttribute("binding", this);
>     try {
>         server.start();
>     }
>     catch (Exception e) {
>         log.warn(e.toString());
>         throw new JBIException("Start failed: " + e, e);
>     }
> }
>
> --snap--