English 中文(简体)
How can I use user s certificate?
原标题:

I can t understand general scheme using certificates. For example: I have account on the some website. I have name and password. What should I do to login to this site? - I should open _https://website:443/login and fill out fields, and if all is ok, I ll obtain admittance.

Now, I would like to perform these steps programmatically usin java + httpclient(apache). I ve written:

client = new DefaultHttpClient();

client.getParams().setParameter(ClientPNames.COOKIE_POLICY, 
                                CookiePolicy.BEST_MATCH);
client.setCookieStore(new BasicCookieStore());
client.getCredentialsProvider()
      .setCredentials(new AuthScope(ADDRESS, new Integer(PORT)),
                      new UsernamePasswordCredentials(USERNAME, USERPWD));

And I should create trustStore with server s certificate:

System.setProperty("javax.net.ssl.trustStore", "./KeyStore/myca");

where myca were made with InstallCert.java - Sun s product.

But I would like to perform all this steps programmatically, like Browser(FFox, or Opera) import server s certificate...User just want to use only my application, not a set of additional application.

How can I do perform it?

And now, the main problem: why do servers not require user s certificate? And how do I can use my own certificate to authenticate? (If I have user s certificate I will not need name password to login to server?)

最佳回答

why do servers not require user s certificate?

Servers do not require user certificates, because most users don t have one, don t now what it is and how to get one. And even if they would, such a certificate is either difficult or expensive to obtain, so many user won t get one.

So any server requiring a client certificate would reduce the number of users probably by a factor of 1000. Most server owners don t want that.

If I have user s certificate I will not need name password to login to server?

Depends on your requirements. Requiring a certificate + username/password would be considered a two factor authentication, which is a stronger form of protection, then just requiring one factor. It would get even stronger by asking for some kind of biometric identification.

How can I do perform it?

Perform exactly what? You are talking about doing things "programmatically", but you already present code ...?

And how do I can use my own certificate to authenticate?

This should be done in the configuration of your server. You need to setup a trust store containing the trustet root certificates + require client authenticatication in the ssl configuration. e.g search here for clientauth.

时间:2010-01-07 09:50:20
问题回答

暂无回答


上一篇:
下一篇:


相关问题
Spring Properties File

Hi have this j2ee web application developed using spring framework. I have a problem with rendering mnessages in nihongo characters from the properties file. I tried converting the file to ascii using ...

时间:2009-11-13 05:05:41 回答:3 展示:1
Logging a global ID in multiple components

I have a system which contains multiple applications connected together using JMS and Spring Integration. Messages get sent along a chain of applications. [App A] -> [App B] -> [App C] We set a ...

时间:2009-11-09 14:50:12 回答:4 展示:1
Java Library Size

If I m given two Java Libraries in Jar format, 1 having no bells and whistles, and the other having lots of them that will mostly go unused.... my question is: How will the larger, mostly unused ...

时间:2009-11-09 14:44:57 回答:2 展示:1
How to get the Array Class for a given Class in Java?

I have a Class variable that holds a certain type and I need to get a variable that holds the corresponding array class. The best I could come up with is this: Class arrayOfFooClass = java.lang....

时间:2009-11-05 09:41:59 回答:5 展示:1
SQLite , Derby vs file system

I m working on a Java desktop application that reads and writes from/to different files. I think a better solution would be to replace the file system by a SQLite database. How hard is it to migrate ...

时间:2009-11-05 09:26:46 回答:3 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全