[jetty-users] Web application ARchive file security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] Web application ARchive file security

From: deepak dhandapani <deepakd020395@xxxxxxxxx>
Date: Sun, 11 Aug 2019 20:08:15 +0530
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Hello,

I'm looking to protect my WAR file deployed into Jetty server. I did add signature to the WAR file following the site https://docs.oracle.com/javase/tutorial/deployment/jar/signindex.html but this alone is not enough as it is possible for malicious tampering by third personnel by removing the signature contents.

I'm looking to add client server authentication using certificate to WAR file just like we do for HTTPS requests.

My question is, is this possible in Jetty to do so? by including the client certificate inside WAR file and server certificate to be imported into Jetty server keystore to verify the WAR file provider as an second step verification?

Thanks in advance!

Prev by Date: [jetty-users] linux jetty service cannot write log directory /logs
Next by Date: Re: [jetty-users] How to overcome partial deployment
Previous by thread: [jetty-users] linux jetty service cannot write log directory /logs
Next by thread: [jetty-users] How to handle chunked response in Jetty's transparent proxy servlet
Index(es):
- Date
- Thread

Breadcrumbs