jetty_gwt_ssl

Steps to get GWT + SSL + Jetty running:

1) Set up Jetty with SSL support. This means creating a keystore with the server's self-signed key (for testing only) and a trust store containing the CAs that signed your own certificate (e.g., if you use a CAC card, the CAs that validate your CAC).

2) Edit etc/jetty-https.xml with the information needed to access the keystore and trust store.

3) Start Jetty with SSL support: java -jar start.jar etc/jetty-https.xml

4) Have the client (the GWT front-end GUI) call your servlet to extract the certificate:

    // Goes inside a method of your RemoteServiceServlet subclass.
    // Requires: import java.security.cert.X509Certificate;
    X509Certificate[] certs =
        (X509Certificate[]) getThreadLocalRequest().getAttribute("javax.servlet.request.X509Certificate");
    if (certs != null) {
        // The container supplies the chain the client presented during the TLS handshake.
        for (int i = 0; i < certs.length; i++) {
            System.out.println("Client Certificate [" + i + "] = " + certs[i].toString());
        }
    } else {
        if ("https".equals(getThreadLocalRequest().getScheme())) {
            System.out.println("This was an HTTPS request, " + "but no client certificate is available");
        } else {
            System.out.println("This was not an HTTPS request, " + "so no client certificate is available");
        }
    }

5) If you want to test this from GWT/Eclipse, you need to run the web application on a remote server: Debug As (Web Application running on remote server) and enter the server's information (e.g., https://localhost:8443/webapp/webapp.html).

For how to set up Jetty with SSL, see: http://wiki.eclipse.org/Jetty/Howto/Configure_SSL
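
Step 4 only prints the certificate chain. As an added example (not code from the original page; the class and method names are hypothetical), this is one way the servlet could turn the chain into an identity to authorize against. It assumes Jetty already validated the chain against the trust store during the handshake.

```java
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;

/** Added example: hypothetical helper, not part of the original page. */
public final class ClientCertIdentity {

    private ClientCertIdentity() {}

    /**
     * Returns the subject CN of the client's own certificate, or null when the
     * request carried no usable client certificate.
     */
    public static String commonName(HttpServletRequest request) {
        // Only read the attribute on a connection the container marks as secure.
        if (!request.isSecure()) {
            return null;
        }
        X509Certificate[] chain = (X509Certificate[])
                request.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) {
            return null;
        }
        // The servlet spec orders the chain in ascending order of trust:
        // chain[0] is the client's own certificate, later entries are its issuers.
        X509Certificate leaf = chain[0];
        try {
            leaf.checkValidity(); // rejects expired or not-yet-valid certificates
            // Parse the RFC 2253 subject DN instead of string-matching toString().
            LdapName subject = new LdapName(leaf.getSubjectX500Principal().getName());
            for (Rdn rdn : subject.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return String.valueOf(rdn.getValue());
                }
            }
        } catch (CertificateExpiredException | CertificateNotYetValidException
                 | InvalidNameException e) {
            return null; // treat an unusable certificate as "not authenticated"
        }
        return null; // subject DN has no CN component
    }
}
```

From the GWT servlet, call it as ClientCertIdentity.commonName(getThreadLocalRequest()) and treat a null result as an unauthenticated request.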

UPDATE:

On newer Jetty versions we need to modify the etc/jetty.xml file to include:

    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
          <Arg>
            <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
              <Set name="keyStore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
              <Set name="keyStorePassword">password</Set>
              <Set name="keyManagerPassword">password</Set>
              <Set name="trustStore"><SystemProperty name="jetty.home" default="."/>/etc/truststore</Set>
              <Set name="trustStorePassword">storepassword</Set>
              <Set name="NeedClientAuth">true</Set>
            </New>
          </Arg>
          <Set name="port">8443</Set>
          <Set name="maxIdleTime">30000</Set>
        </New>
      </Arg>
    </Call>

Then invoke via: java -jar start.jar