users@grizzly.java.net

Re: Client authentication via SSL

From: Oleksiy Stashok <Oleksiy.Stashok_at_Sun.COM>
Date: Tue, 25 Aug 2009 13:41:25 +0200

Hi,

Can you pls. send the sources? I'll try to reproduce the issue and see
if I can help there.

Thanks.

WBR,
Alexey.

On Aug 25, 2009, at 12:30 , Alaska wrote:

>
> Hello!
>
> My goal is to implement the SSL Layer that is able to get the Client
> authentication.
> The client certificate is stored in the browser.
>
> Do you have any ideas why it is not working?
>
> I get the following error message:
>
>
> Aug 25, 2009 12:20:11 PM com.sun.grizzly.Controller start
> INFO: Starting Grizzly Framework 1.9.18-M1 - Tue Aug 25 12:20:11 CEST 2009
> SSLFilter isNeedClientAuth true
> Aug 25, 2009 12:20:17 PM com.sun.grizzly.DefaultProtocolChain executeProtocolFilter
> SEVERE: ProtocolChain exception
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>     at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
>
> thank you,
> alaska
> ++++++++++++++++++++++++++++
>
> the SSLReadFilter is doing:
>
>
> public class SSLFilter extends SSLReadFilter {
>
>     public static Logger logger =
>             Logger.getLogger(SSLFilter.class.getName());
>
>     public SSLFilter() {
>         super();
>     }
>
>     public boolean execute(Context context) throws IOException {
>
>         SSLSession session;
>
>         this.setClientMode(false);
>         this.setNeedClientAuth(true);
>
>         super.execute(context);
>
>         say("isNeedClientAUth " + this.isNeedClientAuth());
>
>         WorkerThread workerThread = (WorkerThread) Thread.currentThread();
>         SelectionKey selectionKey = context.getSelectionKey();
>         SSLEngine sslEngine = workerThread.getSSLEngine();
>
>         session = sslEngine.getSession();
>
>         say("sslengine host " + sslEngine.getPeerHost());
>         say("port " + sslEngine.getPeerPort());
>         say("need auth? " + sslEngine.getNeedClientAuth());
>
>         X509Certificate[] cert = (X509Certificate[]) session.getPeerCertificates();
>
>         Principal subject = cert[0].getSubjectDN();
>
>         return true;
>     }
>
>     postexecute(){
>         ...
>     }
> }