Client-Auth REQUESTED in GlassFish

Client authentication is supported in GlassFish. It is one of the most common features available in any web container.

Client authentication can be enabled in GlassFish by setting the "client-auth-enabled" attribute of the "ssl" element of the http-listener. Currently, client-auth can be either REQUIRED or NOT-REQUIRED.

But, as per javax.net.ssl.*, client-auth can take 3 values:

  • need - REQUIRED. The client certificate is a MUST to authenticate.
  • want - REQUESTED. The client certificate is OPTIONAL to authenticate.
  • blank - NOT REQUIRED. No client certificate is needed to authenticate.

With 2.1.1 patch 6, we plan to support "want". It is enabled in the patch by a system property.

In domain.xml, add the following property to the http-listener element:

<property name="com.sun.grizzly.ssl.auth" value="want"/>

When the browser prompts for a certificate, it is optional for the user to accept or decline to send the certificate in order to access the resource. Applications written on top of GlassFish can also decide how they want to authorize such behavior.

This feature is also available on GlassFish v3.
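
With "want", the handshake completes whether or not a certificate was sent, so the decision about certificate-less requests moves into the application. The servlet filter below is an added example, not GlassFish code or code from the original post; the class name, the "allowedSubjects" init-param and its '|' separator are assumptions, and the filter is assumed to be mapped in web.xml only to the URL patterns that must have a certificate.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class). URLs outside this filter's mapping stay
// reachable by clients that declined the browser's certificate prompt.
public class RequireClientCertFilter implements Filter {
    // Servlet-spec attribute: the chain the container validated in the handshake.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    private final Set<X500Principal> allowed = new HashSet<X500Principal>();

    public void init(FilterConfig cfg) {
        // "allowedSubjects" is a hypothetical init-param: subject DNs separated by '|'.
        String raw = cfg.getInitParameter("allowedSubjects");
        if (raw == null) return; // empty allow-list: every request is refused
        for (String dn : raw.split("\\|")) {
            if (dn.trim().length() > 0) {
                // X500Principal parses the DN; equals() compares canonical forms.
                allowed.add(new X500Principal(dn.trim()));
            }
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse http = (HttpServletResponse) res;
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        if (certs == null || certs.length == 0) {
            // "want" let the handshake finish without a certificate: refuse here.
            http.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        // certs[0] is the client's own certificate. A trusted chain only proves
        // identity; authorization is this explicit allow-list check.
        if (!allowed.contains(certs[0].getSubjectX500Principal())) {
            http.sendError(HttpServletResponse.SC_FORBIDDEN, "Certificate not authorized");
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() {}
}
```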


Comments:

Hi Kalpana,

Do you have an example of how to enable this for Glassfish v3? I've been trying, but unsuccessfully so far. Which tag do you add the property to? The protocol tag, the network-listener tag, or can you just add it as a system property? I've tried all three, but none have worked.

Posted by Liehann Loots on September 05, 2010 at 05:05 PM PDT #

About

Kalpana Karunamurthi
