小编Jam*_*mes的帖子

我试图从Apache Web服务器(SSL)向Tomcat应用程序传递x509客户端证书(我的浏览器上安装了测试证书).我现在配置它的方式,应用程序的弹簧安全性没有找到(因此没有转发)证书.

DEBUG: [http-8080-1]  org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter - No client certificate found in request.

Apache服务器ssl.conf文件配置如下(我省略了不相关的部分):

LoadModule ssl_module modules/mod_ssl.so

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

NameVirtualHost *:443

<VirtualHost *:443>

    ...

    SSLVerifyClient require
    SSLVerifyDepth 2

    ...

    # initialize the SSL headers to a blank value to avoid http header forgeries
    RequestHeader set SSL_CLIENT_CERT ""
    RequestHeader set SSL_CLIENT_VERIFY ""

    # add whatever SSL_* variables needed to pass to web application
    RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
    RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"

    RequestHeader add X-Forwarded-Scheme …

我正在进行搜索,我试图将响应从a转换HttpSolrServer为json格式.答案来自于SolrDocumentList.我现在的代码是:

SolrQuery solrQuery = new SolrQuery(query);
solrQuery.setParam("wt", "json");  //doesn't affect the return format

QueryResponse rsp = solrServer.query(solrQuery);
SolrDocumentList docs = rsp.getResults();

return docs.toString();

当我打印出退货时,它会返回:

{numFound=2,start=0,docs=[SolrDocument{cat=[electronics, camera], features=[3x zoop, 7.1 megapixel Digital ELPH, movie clips up to 640x480 @30 fps, 2.0" TFT LCD, 118,000 pixels, built in flash, red-eye reduction], id=9885A004, inStock=true, includes=32MB SD card, USB cable, AV cable, battery, manu=Canon Inc., manufacturedate_dt=Mon Feb 13 10:26:37 EST 2006, name=Canon PowerShot SD500, popularity=7, price=329.95, store=45.17614,-93.87341, weight=6.4}, SolrDocument{cat=[electronics, multifunction …

我一直在尝试使用他们的x509证书通过LDAP对用户进行身份验证,但似乎无法使用它.我声明了一个身份验证提供程序,但我仍然收到一个错误,说没有提供程序.

这是我的调试输出:

INFO: Initiating Jersey application, version 'Jersey: 1.12 02/15/2012 04:51 PM'
DEBUG: o.s.security.web.FilterChainProxy - /x509 at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG: o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
DEBUG: o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
DEBUG: o.s.security.web.FilterChainProxy - /x509 at position 2 of 8 in additional filter chain; firing Filter: 'customX509AuthenticationFilter'
DEBUG: m.d.CustomX509AuthenticationFilter - Checking secure context token: null
DEBUG: m.d.CustomX509AuthenticationFilter - X.509 …

我正在尝试创建一个bean,我收到一个错误.我已经缩小到这个特定的bean并且在引用API文档之后,我不明白为什么每当我部署.war文件时它都会被抛出.希望我遗漏一些简单的东西.

这是app-security.xml内容:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd

    <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldap://localhost:389/dc=mydomain,dc=com" />
        <property name="userDn" value="cn=manager,dc=mydomain,dc=com" />
        <property name="password" value="password" />
    </beans:bean>

    <context:annotation-config/>
    <context:component-scan base-package="my.current.project"/>

</beans:beans>

这是我的maven pom.xml的片段:

<properties>
    ...
    <spring.security.version>3.1.1.RELEASE</spring.security.version>
    ...
</properties>

<dependencies>
    ...
    <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-core</artifactId>
         <version>${spring.security.version}</version>
    </dependency>
    <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-web</artifactId>
         <version>${spring.security.version}</version>
    </dependency>
    <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-config</artifactId>
         <version>${spring.security.version}</version>
    </dependency>       
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-ldap</artifactId>
        <version>${spring.security.version}</version>
    </dependency>
    <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-taglibs</artifactId>
         <version>${spring.security.version}</version>
    </dependency>
    ...
</dependencies>

这是抛出的错误:

SEVERE: Context initialization …