在Weblogic 10上有一个ADF应用程序,偶尔可以访问Java applet。只要不需要就加载Java applet,而不管它什么时候都不加载。 applet目前位于public_html / applet文件夹中。
当我们将SSL配置设置为需要客户端证书时,当Java小程序加载时,它会不断要求客户端证书:
请求身份验证 需要识别。请选择要用于身份验证的证书。
这对用户来说很烦人,Java Applet也不需要身份验证。有什么办法可以禁用身份验证或删除提示吗?
这是嵌入式小程序代码:
编辑:我已经尝试过的事情:
1)在HTTP而不是HTTPS上设置Applet;我收到有关混合内容的警告,仍然会获得身份验证弹出窗口。
2)创建了一个最小的applet,它只输出" HELLO WORLD"在控制台中,仍然可以获得身份验证弹出窗口
这是控制台窗口:
Java Plug-in 1.6.0_35
Using JRE version 1.6.0_35-b10 Java HotSpot(TM) Client VM
User home directory = C:\Users\mfan
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
basic: Added progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@1df073d
basic: Plugin2ClassLoader.addURL parent called for https://192.168.130.99/app/applet/HelloWorld.jar
network: Cache entry not found [url: https://192.168.130.99/app/applet/HelloWorld.jar, version: null]
network: Connecting https://192.168.130.99/app/applet/HelloWorld.jar with proxy=DIRECT
network: Connecting http://192.168.130.99:443/ with proxy=DIRECT
security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loading SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
security: Loaded SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loading Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
security: Loaded Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
security: Checking if certificate is in Deployment denied certificate store
security: Checking if certificate is in Deployment session certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
security: KeyUsage does not allow digital signatures
(and here's where the prompt comes up).
答案 0 :(得分:0)
您说您的applet不需要客户端身份验证,因此您可以将applet jar放在http位置。然后,您必须为此http位置指定 codebase 参数。例如,如果您将jar作为资源放在
http://public.test/somewhere/myApplet.jar
codebase = http://public.test/somewhere/
archive = myApplet.jar
但是我认为这可能是配置问题,您可以将Web服务器配置为请求客户端证书身份验证(可选择在applet位置上不需要)。
希望这有帮助,
编辑:
您可以将webLogic置于代理(如apache http服务器)之后,这是一个配置代理,仅在特定位置要求客户端证书。 apache http服务器案例的配置示例如下所示:
##
## SSL Virtual Host Context
##
<VirtualHost myHost:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/server.crt
SSLCertificateKeyFile conf/server.key
SSLVerifyClient none
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData
JkMount /myWeb loadBalancer
JkMount /myWeb/* loadBalancer
<Location /myWeb/login/certificateLoginLocation>
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCACertificateFile conf/trustedCA.cer
SSLVerifyClient optional
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
RewriteEngine on
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
RewriteRule .* http://myHost/myWeb/accesForbbiden.htm
</Location>
</VirtualHost>
答案 1 :(得分:0)
好吧,我不确定weblogic,我使用jboss,我知道没有办法做到这一点。
所以我们所做的就是在前面安装一个apache,作为反向代理
和配置看
Listen vgw_mgmt:443
<VirtualHost vgw_mgmt:443>
DocumentRoot /srv/www/
SSLEngine on
SSLCipherSuite HIGH
SSLProtocol all -SSLv2
SSLOptions +ExportCertData +StdEnvVars
SSLCertificateFile /etc/httpd/ssl/server-mgmt.pem
SSLCertificateKeyFile /etc/httpd/ssl/server-mgmt.key
SSLVerifyDepth 3
SSLCACertificateFile /etc/httpd/ssl/trustedca-mgmt.pem
SSLVerifyClient none
ProxyPass /webmgr/ ajp://webapps:8009/webmgr/
<Location /webmgr/>
SSLVerifyClient optional
</Location>
<Location /webmgr/javascript/>
SSLVerifyClient none
</Location>
</VirtualHost>
所以,每当用户点击https : // pro xy /webmgr/时,客户端身份验证都会提示(我们使用“可选”而非“必需”的原因)是因为我们想显示不错的错误页面告诉客户您需要提供证书才能登录)
并且,我的applet存储在/webmgr/javascript/applet.jar
中所以当小程序加载
时<applet archive="applet.jar" codebase="/webmgr/javascript/" name="jsapplet" id="jsapplet" code="myapps.mylittleprogram" height="1" width="1"></applet>
它将跳过客户端身份验证。
答案 2 :(得分:0)
由于我们的应用程序是在http和https上,我只是将存档设置为http://,现在它可以正常工作。