Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes JNLP and Web Start and the fly likes Client Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JNLP and Web Start
Bookmark "Client Authentication" Watch "Client Authentication" New topic
Author

Client Authentication

Mark Verkade
Greenhorn

Joined: Sep 07, 2006
Posts: 1
Hello people,

I have a question that perhaps somebody here can help me with. I've made a WebStart application which is running fine at the moment (we're still testing it). But before we're actually gonna release the application to our users, we'd like to restrict the access to people who have a valid certificate (provided by us) installed on their computer.

Does anyone know how I can let the application check for a valid client certificate?
I know it's possible to open a local file, with FileInputStream pointing to the filename, but I'd like to check if the client certificate is present in the JVM/Browser repository, since that's where the certificates are already installed by our users.

I have been searching for this a lot, but I can't seem too find anything usefull. I don't even know if it's possible, in the first place.

So, any help is appreciated! Thanks!
Jared Cope
Ranch Hand

Joined: Aug 18, 2004
Posts: 243
Hi,

Originally posted by Mark Verkade:

we'd like to restrict the access to people who have a valid certificate (provided by us) installed on their computer.


Is it a requirement to have a client certificate file for the authentication?

We have the same requirement for application access security, but we have Apache control who gets to access the .jnlp files (normal webserver configuration stuff) and if they supply the correct credentials then they can access the .jnlp and hence start the application.

This process might also work for you. It means that you are always in control of who can access the application (client certificates could be copied around etc).

Just an idea.

Cheers, Jared.
[ September 08, 2006: Message edited by: Jared Cope ]

SCJP 1.4 91%, SCJP 1.5 88%, SCJD B&S
 
Consider Paul's rocket mass heater.
 
subject: Client Authentication