登入認證驗證

需求:
為了提高安全性.
某人擁有某個認證,才能進行登入.

環境:
Tomcat

設計:
採用SSL,https登入.
伺服器驗證認證.(貌似SSL裡面自己做了驗證)
讀取認證資訊,檢查是否該對應登入人員.
   
實現:
1.下載openssl
編譯好的openssl下載:
http://www.slproweb.com/products/Win32OpenSSL.html

2.產生認證:
參考文章http://www.ibm.com/developerworks/cn/security/se-tcssl/index.html
產生3個認證:CA認證,伺服器憑證,用戶端認證.

3.修改tomcat的server.xml檔案

4.在servlet裡面讀取
boolean isSecure = request.isSecure();

String certAttribute = "javax.servlet.request.X509Certificate";
X509Certificate[] certificate =
(X509Certificate[]) request.getAttribute(certAttribute);

5.添加認證:
參考文章http://www.ibm.com/developerworks/cn/security/se-tcssl/index.html
產生用戶端認證.
在另一個用戶端安裝,用戶端就可以正常訪問了.

要點:
1.產生CA,伺服器,用戶端認證.
很混亂的關係.

問題:
1.serlet擷取認證對象,
java.security.cert.X509Certificate certs = (java.security.cert.X509Certificate) request.getAttribute("javax.servlet.request.X509Certificate");
提示java.lang.ClassCastException: [Ljava.security.cert.X509Certificate
得到的數組,改成如下:
java.security.cert.X509Certificate[] certs = (java.security.cert.X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

2.keytool常用命令
keytool -genkey 組建檔案

改進:
1.都是手工產生用戶端,怎麼自動產生用戶端認證.
2.SSL與JSSE的關係.
JSSE(JAVA Secure Socket Extension)
SSL (Secure Socket Layer)
JSSE provides a framework and an implementation for a Java language version of the SSL and TLS protocols.
3.IE可能匯入自訂認證出問題.
4.關於密碼
5.認證到期

參考文章:
配置Tomcat 4使用SSL
http://www.ibm.com/developerworks/cn/security/se-tcssl/index.html

tomcat實現SSL配置！(雙向)
http://www.dedecms.com/web-art/fuwuqi/20060913/26272.html