doubt in j2ee authentication mechanisms [CLIENT_CERT]

Minu Jain
Ranch Hand

Joined: Mar 24, 2008
Posts: 74
Is the following statement true or false?
If your DD correctly declares an authentication type of CLIENT_CERT, your users must have a certificate from an official source before they can use your application.

The answer is false while I think it should be true.

SCBCD5, SCWCD5, SCJP5
"Even if you're on the right track, you'll get run over if you just sit there."
niisha guupta
Greenhorn

Joined: Dec 26, 2008
Posts: 6
I also suppose that answer should be true...

This link will be helpful...

http://edocs.beasys.co.jp/e-docs/wls/docs90/security/thin_client.html
niisha guupta
Greenhorn

Joined: Dec 26, 2008
Posts: 6
"Official source" in this statement can be the key... A digital certificate from a TP (third party): is this an official source?
Marut pandey
Ranch Hand

Joined: Mar 10, 2008
Posts: 43
"your users must have a certificate from an official source before they can use your application." The answer "false" is correct. Even if the user does not have a certificate, the server will prompt for certificate acceptance, so to access that application you do not need to have a certificate beforehand. If I am not correct, let me know.
niisha guupta
Greenhorn

Joined: Dec 26, 2008
Posts: 6
your users must have a certificate from an official source before they can use your application.

But after the prompt, as they are not certified (they don't have a certificate), will they be able to use the application?
Marut pandey
Ranch Hand

Joined: Mar 10, 2008
Posts: 43
As per my understanding, when we make any website SSL-encrypted, we purchase a valid certificate from some vendor like VeriSign, which we configure on the server. So as long as the server has a valid certificate, whenever any user tries to access that site he will get a client certificate if he does not have a certificate already. Please correct me if I am wrong.
niisha guupta
Greenhorn

Joined: Dec 26, 2008
Posts: 6
Yes, I have also read the same:

"where the server provides a certificate to your browser. Depending on your browser's security settings, you generally see a dialog box asking whether or not you want to trust the certificate the server is offering you (we hope signed by Thawte, VeriSign, or whomever). If you accept, the transaction can continue, and the server's public key can be used to encrypt communications between you. So certificates provide the foundation for secure transport as well as dealing with the issue of identity."

Please tell me if I am wrong.
Marut pandey
Ranch Hand

Joined: Mar 10, 2008
Posts: 43
Hi Nisha,

I am really very confused on this matter. I request the JavaRanchers to clear my doubt.
Marut pandey
Ranch Hand

Joined: Mar 10, 2008
Posts: 43
"If your DD correctly declares an authentication type of CLIENT_CERT, your users must have a certificate from an official source before they can use your application. "

Client need to have certificate but necessarily from some official source. Client can use self-signed certificate with client get from browser. That's why 'false' would be the right option for the above question. If anybody has another opinion, let us know.
Jonathan Elkharrat
Ranch Hand

Joined: Dec 31, 2008
Posts: 170

I hope I'm not wrong, but doesn't the server need a certificate?
The client gets his public key from the server, that's how SSL works...

http://tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html


SCJP 5, SCWCD 5, SCBCD 5
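
An added example, not code from any poster in this thread or from JavaRanch: a servlet that reports what the container exposes to the application when the DD's `login-config` declares `<auth-method>CLIENT-CERT</auth-method>`. The class name `ClientCertInfoServlet` is hypothetical, and the code assumes the `javax.servlet` API and a container whose TLS connector requests client certificates; which issuers the handshake accepts is decided by the trust store configured on the server, not by this code.

```java
// Added example: hypothetical servlet, assumed to sit behind a security-constraint
// in a web.xml whose login-config declares <auth-method>CLIENT-CERT</auth-method>.
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ClientCertInfoServlet extends HttpServlet {
    // Request attribute defined by the Servlet specification for TLS client certificates.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        X509Certificate[] chain = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        if (chain == null || chain.length == 0) {
            // No certificate was presented in the handshake: refuse, do not fall back.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        X509Certificate leaf = chain[0]; // the client's own certificate comes first
        try {
            leaf.checkValidity(); // defence in depth: reject expired or not-yet-valid certs
        } catch (CertificateException e) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate not valid now");
            return;
        }
        // Subject equal to issuer means the certificate was not issued by a separate CA.
        boolean selfIssued = leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());

        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("authType   = " + req.getAuthType());
        out.println("remoteUser = " + req.getRemoteUser());
        out.println("subject    = " + leaf.getSubjectX500Principal().getName());
        out.println("issuer     = " + leaf.getIssuerX500Principal().getName());
        out.println("selfIssued = " + selfIssued);
    }
}
```

The deployment descriptor value is spelled `CLIENT-CERT`, while `getAuthType()` returns the constant `HttpServletRequest.CLIENT_CERT_AUTH`, whose value is `"CLIENT_CERT"`.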
 