Josh Cummings
f2640279c4
Add X.509 + FormLogin MFA Sample
|
2 gün önce | |
|---|---|---|
| .. | ||
| etc | 2 gün önce | |
| gradle | 2 gün önce | |
| src | 2 gün önce | |
| README.adoc | 2 gün önce | |
| build.gradle | 2 gün önce | |
| gradle.properties | 2 gün önce | |
| gradlew | 2 gün önce | |
| gradlew.bat | 2 gün önce | |
| settings.gradle | 2 gün önce | |
README.adoc
= X.509 + Form Login MFA Sample
This sample demonstrates configuring Spring Security to require both an X.509 Certificate and a Username/Password Login in order to enter the site with full permissions.
== Preparing to Use X.509
This sample is intended to be used in a browser.
As such, you should:
1. Configure your browser to trust the `ca.crt` that accompanies this project
2. Configure your browser with the `josh-keystore.p12` client certificate
Both `api-keystore.p12` and `josh-keystore.p12` use keys signed by `ca.crt`.
This means that after the above steps are performed, you can also use this application without getting a security warning in your browser.
== Using the Sample
To run, please use:
.Java
[source,java,role="primary"]
----
./gradlew :bootRun
----
This will start an application on 8443, meaning you will need to reach it using HTTPS.
You can reach the website at https://api.127.0.0.1.nip.io:8443.
If that isn't working for you, please try https://localhost:8443.
With the client certificate (`josh-keystore.p12`) correctly installed in the browser, it will ask you which client certificate you want to you.
Select `josh`.
You will then be redirected to the login page where you can use `josh/password` as the username and password.
This sample demonstrates configuring Spring Security to require both an X.509 Certificate and a Username/Password Login in order to enter the site with full permissions.
== Preparing to Use X.509
This sample is intended to be used in a browser.
As such, you should:
1. Configure your browser to trust the `ca.crt` that accompanies this project
2. Configure your browser with the `josh-keystore.p12` client certificate
Both `api-keystore.p12` and `josh-keystore.p12` use keys signed by `ca.crt`.
This means that after the above steps are performed, you can also use this application without getting a security warning in your browser.
== Using the Sample
To run, please use:
.Java
[source,java,role="primary"]
----
./gradlew :bootRun
----
This will start an application on 8443, meaning you will need to reach it using HTTPS.
You can reach the website at https://api.127.0.0.1.nip.io:8443.
If that isn't working for you, please try https://localhost:8443.
With the client certificate (`josh-keystore.p12`) correctly installed in the browser, it will ask you which client certificate you want to you.
Select `josh`.
You will then be redirected to the login page where you can use `josh/password` as the username and password.