The keystore, cacerts, contains many common
root CA certificates (see http://java.sun.com/j2se/1.4.2/docs/tooldocs/
windows/keytool.html#Certificates); however, if you established your own CA, the
JRE has no knowledge of the CA that signed your server certificate.
To specify a different keystore containing information about your CA when starting
WebClient, provide a system property for the keystore location
javax.net.ssl.trustStore and a system property for the keystore type
javax.net.ssl.trustStoreType.
The following command starts WebClient with the keystore of the CA created
earlier:
Prompt> java -jar
-Djavax.net.ssl.trustStore=C:\jstk-1.0.1\cadir\ca.ks
-Djavax.net.ssl.trustStoreType=jks
webclient.jar
Figure 3??“41 shows a typical SSL communication with Tomcat through WebClient.
The page requested is https://localhost/.
Chapter 3 ?– Declarative Security 176
Figure 3??“41 Test of SSL connection to Apache Tomcat, https://localhost/. When
starting WebClient, command-line system properties specify information about the Root
CA (for the returned SSL server certificate).
This page intentionally left blank
PROGRAMMATIC
SECURITY
Topics in This Chapter
??? Combining container-managed and programmatic
security
??? Using the isUserInRole method
??? Using the getRemoteUser method
??? Using the getUserPrincipal method
??? Programmatically controlling all aspects of security
??? Using SSL with programmatic security
179
Chapter Chapter 4
Chapter 3 (Declarative Security) introduced two fundamental aspects of Web
application security:
1.
Pages:
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224