Thanks for the reply. Now I can use SSLSocketFactory to establish an SSL connection with JBoss. But when I add the "CLIENT-CERT" auth-method in the server's web.xml like this:

    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>

The following problem appears:

---------------------------------------------------
executing requestGET https://10.100.123.235:8443/httpsServer/TestServlet?test=xxx HTTP/1.1
DEBUG [main] org.apache.http.impl.conn.SingleClientConnManager - Get connection for route HttpRoute[{s}->https://10.100.123.235:8443]
DEBUG [main] org.apache.http.impl.conn.DefaultClientConnectionOperator - Connecting to /10.100.123.235:8443
DEBUG [main] org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match
DEBUG [main] org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
DEBUG [main] org.apache.http.impl.client.DefaultHttpClient - Attempt 1 to execute request
DEBUG [main] org.apache.http.impl.conn.DefaultClientConnection - Sending request: GET /httpsServer/TestServlet?test=xxx HTTP/1.1
DEBUG [main] org.apache.http.wire - >> "GET /httpsServer/TestServlet?test=xxx HTTP/1.1[\r][\n]"
DEBUG [main] org.apache.http.wire - >> "Host: 10.100.123.235:8443[\r][\n]"
DEBUG [main] org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]"
DEBUG [main] org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
DEBUG [main] org.apache.http.wire - >> "[\r][\n]"
DEBUG [main] org.apache.http.headers - >> GET /httpsServer/TestServlet?test=xxx HTTP/1.1
DEBUG [main] org.apache.http.headers - >> Host: 10.100.123.235:8443
DEBUG [main] org.apache.http.headers - >> Connection: Keep-Alive
DEBUG [main] org.apache.http.headers - >> User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
DEBUG [main] org.apache.http.wire - << "HTTP/1.1 401 Unauthorized[\r][\n]"
DEBUG [main] org.apache.http.wire - << "Server: Apache-Coyote/1.1[\r][\n]"
DEBUG [main] org.apache.http.wire - << "Pragma: No-cache[\r][\n]"
DEBUG [main] org.apache.http.wire - << "Cache-Control: no-cache[\r][\n]"
DEBUG [main] org.apache.http.wire - << "Expires: Thu, 01 Jan 1970 08:00:00 CST[\r][\n]"
DEBUG [main] org.apache.http.wire - << "Content-Type: text/html;charset=utf-8[\r][\n]"
DEBUG [main] org.apache.http.wire - << "Content-Length: 1097[\r][\n]"
DEBUG [main] org.apache.http.wire - << "Date: Fri, 22 Apr 2011 12:04:17 GMT[\r][\n]"
DEBUG [main] org.apache.http.wire - << "[\r][\n]"
DEBUG [main] org.apache.http.impl.conn.DefaultClientConnection - Receiving response: HTTP/1.1 401 Unauthorized
DEBUG [main] org.apache.http.headers - << HTTP/1.1 401 Unauthorized
DEBUG [main] org.apache.http.headers - << Server: Apache-Coyote/1.1
DEBUG [main] org.apache.http.headers - << Pragma: No-cache
DEBUG [main] org.apache.http.headers - << Cache-Control: no-cache
DEBUG [main] org.apache.http.headers - << Expires: Thu, 01 Jan 1970 08:00:00 CST
DEBUG [main] org.apache.http.headers - << Content-Type: text/html;charset=utf-8
DEBUG [main] org.apache.http.headers - << Content-Length: 1097
DEBUG [main] org.apache.http.headers - << Date: Fri, 22 Apr 2011 12:04:17 GMT
DEBUG [main] org.apache.http.impl.client.DefaultHttpClient - Connection can be kept alive indefinitely
DEBUG [main] org.apache.http.impl.client.DefaultHttpClient - Target requested authentication
DEBUG [main] org.apache.http.impl.client.DefaultTargetAuthenticationHandler - Authentication schemes in the order of preference: [negotiate, NTLM, Digest, Basic]
DEBUG [main] org.apache.http.impl.client.DefaultTargetAuthenticationHandler - Challenge for negotiate authentication scheme not available
DEBUG [main] org.apache.http.impl.client.DefaultTargetAuthenticationHandler - Challenge for NTLM authentication scheme not available
DEBUG [main] org.apache.http.impl.client.DefaultTargetAuthenticationHandler - Challenge for Digest authentication scheme not available
DEBUG [main] org.apache.http.impl.client.DefaultTargetAuthenticationHandler - Challenge for Basic authentication scheme not available
WARN [main] org.apache.http.impl.client.DefaultHttpClient - Authentication error: Unable to respond to any of these challenges: {}
----------------------------------------
HTTP/1.1 401 Unauthorized
Response content length: 1097
---------------------------------------------------

[My client code:]

    DefaultHttpClient httpclient = new DefaultHttpClient();
    try {
        // Trust store: certificates used to verify the server
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream instream = ClientCustomSSL.class.getResourceAsStream("/push-app.truststore");
        try {
            trustStore.load(instream, "apppassword".toCharArray());
        } finally {
            try { instream.close(); } catch (Exception ignore) {}
        }

        // Key store: the client's own key and certificate
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        instream = ClientCustomSSL.class.getResourceAsStream("/push-app.keystore");
        try {
            keyStore.load(instream, "apppassword".toCharArray());
        } finally {
            try { instream.close(); } catch (Exception ignore) {}
        }

        // Register the socket factory for https on port 8443
        SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, "apppassword", trustStore);
        Scheme sch = new Scheme("https", 8443, socketFactory);
        httpclient.getConnectionManager().getSchemeRegistry().register(sch);

        HttpGet httpget = new HttpGet("https://10.100.123.235:8443/httpsServer/TestServlet?test=xxx");
        System.out.println("executing request" + httpget.getRequestLine());

        HttpResponse response = httpclient.execute(httpget);
        HttpEntity entity = response.getEntity();

        System.out.println("----------------------------------------");
        System.out.println(response.getStatusLine());
        if (entity != null) {
            System.out.println("Response content length: " + entity.getContentLength());
        }
        EntityUtils.consume(entity);
    } catch (Exception ex) {
        logger.error(ex);
    } finally {
        httpclient.getConnectionManager().shutdown();
    }

Is something wrong with my client code?

2011-04-22

Zhaochen

From: Oleg Kalnichevski <[email protected]>
Sent: 2011-04-22 19:48
Subject: Re: Why AuthSSLProtocolSocketFactory no longer in HttpClient 4.1 ? What should do to perform SSL auth?
To: HttpClient User Discussion <[email protected]>

On Fri, 2011-04-22 at 08:51 +0800, 陈朝 wrote:
> Hi there:
> Why AuthSSLProtocolSocketFactory no longer in HttpClient 4.1 ? What should do
> to perform SSL auth?
>
> 2011-04-21
>
> Zhao Chen

AuthSSLProtocolSocketFactory functionality has been incorporated into the standard SSLSocketFactory distributed with HttpClient.

Oleg
