users@glassfish.java.net

http client authentication

From: <glassfish_at_javadesktop.org>
Date: Fri, 15 May 2009 03:46:32 PDT

I wish to make a servlet with mutual authentication through HTTPS.

I make a test servlet.
I configure the web.xml for CONFIDENTIAL transport, CLIENT-CERT authentication, etc. (see the web.xml below).
I open the %glassfishhome%/domains/domain1/config/keystore.jks
I make new key pair called testCN and save it.
I open glassfish admin gui (HttpService → http-listener2 → SSL → change the certificate nickname using the nick name testCN) and enable client authentication

I export "private key and certificates" in PKCS#12 format
I import the exported file in firefox.
Then I try to access the test servlet, but it doesn't work (Firefox tells me that the connection was interrupted while the page was loading, i.e. the TLS handshake never completes).

What's wrong?
thanks

p.s. I'm using the Portecle tool for keystore management.

WEB.XML

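<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor for the mutual-TLS test servlet.
  Every URL in the application requires an HTTPS connection (CONFIDENTIAL)
  and a caller authenticated by client certificate who holds the
  "authorized" role.
-->
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <session-config>
        <!-- Idle timeout in minutes. -->
        <session-timeout>30</session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <display-name>Constraint1</display-name>
        <web-resource-collection>
            <web-resource-name>protectedResource</web-resource-name>
            <description>Every resource of the application, for every HTTP method.</description>
            <url-pattern>/*</url-pattern>
            <!--
              Deliberately no <http-method> elements. When a collection lists
              methods explicitly, the whole constraint (the auth-constraint AND
              the CONFIDENTIAL transport guarantee) applies ONLY to the listed
              methods; any verb not in the list - PATCH, or any arbitrary
              extension method a client sends - reaches the servlet with no
              client-certificate check and no HTTPS requirement ("HTTP verb
              tampering"). Servlet 2.5 has no <http-method-omission>, so leaving
              the list out is the only way to cover all methods.
            -->
        </web-resource-collection>
        <auth-constraint>
            <description>Only callers mapped to the "authorized" role (see sun-web.xml).</description>
            <role-name>authorized</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description>Force HTTPS; plain-HTTP requests are redirected to the secure listener.</description>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <!--
          The container authenticates the caller from the TLS client
          certificate instead of a form or HTTP Basic challenge.
          NOTE(review): this only works if the HTTPS listener has client
          authentication enabled and the issuer of the client certificate is
          trusted by the server's truststore; a self-signed test certificate
          that is only in keystore.jks is not trusted for client auth unless it
          is also imported into the truststore - confirm against the domain
          configuration.
        -->
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>
    <security-role>
        <description>Role granted to authenticated client-certificate holders.</description>
        <role-name>authorized</role-name>
    </security-role>
</web-app>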

SUN-WEB.XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<!--
  GlassFish-specific descriptor: binds the application to its context root and
  maps the role declared in web.xml onto the caller identities the container
  actually sees.
-->
<sun-web-app error-url="">
  <context-root>/canc</context-root>
  <!--
    NOTE(review): web.xml uses CLIENT-CERT, so the caller's principal name is
    derived from the client certificate's subject DN (for a certificate issued
    to "testCN" that is something like "CN=testCN,..." as reported by the
    certificate realm), not a literal user name. A mapping to the string
    "principal" is therefore unlikely to match any real caller; put the exact
    DN here, or rely on a group the certificate realm assigns - confirm against
    the server's certificate-realm configuration.
  -->
  <security-role-mapping>
    <role-name>authorized</role-name>
    <principal-name>principal</principal-name>
    <group-name>ggroup</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <!--
      Debug aid only: keeps the .java source generated from each JSP on disk.
      Disable for production deployments.
    -->
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</sun-web-app>
[Message sent by forum member 'peppeme' (peppeme)]

http://forums.java.net/jive/thread.jspa?messageID=346401