java - 当客户端身份验证在码头服务器上失败时，浏览器上出现空白屏幕

问题描述

我使用嵌入式码头服务器创建了一个 Java REST API，并启用了客户端身份验证。在客户端身份验证中，我获取客户端证书的 CN 并查看它是否是允许的。我创建了一个过滤器类来处理上述客户端身份验证逻辑。但是，当客户端身份验证失败并返回过滤器时，没有任何响应被发回，并且从点击 API 的浏览器上会出现一个空白屏幕。理想情况下，它应该响应一些错误。我从已经添加了有效客户端证书的浏览器中访问 API

在过滤器的响应对象中，我已经在响应中添加了一个返回状态和一些其他的东西来使它结束请求，但它没有工作。

Enabling client auth which configuring SslContextFactory:

SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyStorePassword("changeit");
sslContextFactory.setKeyManagerPassword("changeit");
sslContextFactory.setCertAlias("selfsignlatest");
sslContextFactory.setNeedClientAuth(true);
sslContextFactory.setTrustStore(keyStore);
sslContextFactory.setTrustStorePassword("changeit");

Filter class doFilter method:

@Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        logger.debug("Filtering incoming request....");
        boolean isValid = false;
        HttpServletRequest httpreq = (HttpServletRequest) request;
        HttpServletResponse httpresp = (HttpServletResponse) response;
        X509Certificate[] certificates = (X509Certificate[]) httpreq.getAttribute("javax.servlet.request.X509Certificate");
        if(certificates!=null && certificates.length>0) {
            for(X509Certificate cert: certificates) {
                commanName = getCNfromDomainName(cert.getSubjectX500Principal().getName());
                if(commanName!=null && commanName.equals("clientjetty")) {
                    isValid = true;
                    break;
                }
            }
        }

        if(isValid) {
            chain.doFilter(request, response);
        }else {
            httpresp.reset();
            httpresp.setHeader("Connection", "close");
            httpresp.setStatus(HttpStatus.SC_UNAUTHORIZED);
            httpresp.flushBuffer();
            httpresp.sendError(-1);
            return;
        }
    }

标签： javajetty