...
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1"> <context-root>/Sample_CertificatePropsRealm</context-root> ... <security-realm-name>CertificatePropsRealm</security-realm-name> <security> <principal class="org.apache.geronimo.security.realm.providers. GeronimoUserPrincipal" name="client1"/> <!-- name should match the entries from cert-users.properties of the realm --> </default-principal> <role-mappings> <role role-name="content-administrator"> <realm realm-name="CertificatePropsRealm"> <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/> <!-- name should match the entries from cert-groups.properties of the realm --> <principal class="org.apache.geronimo.security.realm.providers. GeronimoUserPrincipal" name="client1"/> ... </realm> </role> </role-mappings> </security> </web-app> |
where *
<security-realm-name>CertificatePropsRealm</security-realm-name>
:CertificatePropsRealm
is the properties file security realm used for client authentication.
You can install a client certificate into the web browser to authenticate against Web servers. The client certificate should be based on the information provided in the group and user properties files.
properties file 2个 例子 字段和key中字段的关系
web servers. For the sample application described above which use the CertificatePropsRealm
security realm, install the My_Private_key
certificate into your web browser to verify your identity, in this case client1, during authentication. The installation process is provided in the Install certificate on client section below.
Install certificate on client
To use a client certificate to authenticate against web server, you should first install the the CA certificate and the client certificate into your web browser. Most browsers provide such installation function.
Install the CA certificate to designate this CA as trusted and thus, grant access to any web sites certified by this CA. If not installed, accessing web sites certified by this CA leads to a warning message suggesting the "Web Site Certified by an Unknown Authority".
In Mozilla Firefox, certificates can be installed with the Import option in the Certificate Manager.创建 security realm deployment descriptor deployment plan