Posted to users@tomcat.apache.org by Shankar Unni <sh...@netscape.net> on 2006/08/01 03:18:49 UTC

HTTPS connector and clientAuth=want: how to retrieve client cert in servlet?

I'm using Tomcat 5.5.17's HTTPS connector, with clientAuth set to "want".

(Note: I don't want Tomcat to do the authentication itself - I simply 
want to pass the client cert to the servlet for its own use; I'm trying 
to set up an *optional* client-cert-based authentication setup that can 
fall back to an application-specific login sequence.)

When I turn on SSL debugging on the client 
(-Djavax.net.debug=ssl,handshake,data,trustmanager), I see the 
certificate being loaded from the client's keystore (and presumably 
passed to the server).

However, I'm stuck trying to retrieve the client certificate from the 
ServletRequest in the servlet itself.

Q: How do I get to the client's X.509 certificate?  Help!

Thx,
-- 
Shankar Unni.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: HTTPS connector and clientAuth=want: how to retrieve client cert in servlet?

Posted by Shankar Unni <sh...@netscape.net>.
Shankar Unni wrote:

>> However, I'm stuck trying to retrieve the client certificate from the 
>> ServletRequest in the servlet itself.

Never mind - I had botched the truststore setup for the server, so the 
client cert was not being passed in.

Answer for the archives:

     import java.security.cert.X509Certificate;

     String certAttrName = "javax.servlet.request.X509Certificate";
     X509Certificate[] certchain =
       (X509Certificate[])request.getAttribute(certAttrName);
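
The attribute lookup above, placed in the optional client-cert setup the thread describes (clientAuth="want" with a fallback to an application login). This is an added example, not part of the original post or of Tomcat's own code; the class name `OptionalCertLoginServlet` and the `/login` fallback path are assumptions.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: hypothetical servlet, not from the original thread.
public class OptionalCertLoginServlet extends HttpServlet {
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    private static final String FALLBACK_LOGIN = "/login"; // assumed application login path

    /** Returns the client's own certificate, or null if none was presented. */
    static X509Certificate clientCert(HttpServletRequest request) {
        Object attr = request.getAttribute(CERT_ATTR);
        if (!(attr instanceof X509Certificate[])) {
            return null; // attribute absent: plain HTTP, or the client sent no cert
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        // The servlet spec orders the chain so element 0 is the client's certificate.
        return chain.length > 0 ? chain[0] : null;
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        X509Certificate cert = clientCert(request);
        if (cert == null) {
            // With clientAuth="want" the handshake completes without a cert,
            // so hand the user to the application-specific login instead.
            response.sendRedirect(request.getContextPath() + FALLBACK_LOGIN);
            return;
        }
        try {
            cert.checkValidity(); // throws if expired or not yet valid
        } catch (CertificateException e) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                               "Client certificate not valid");
            return;
        }
        // The subject DN is only an identity claim; the application still has
        // to match it against accounts it has enrolled (not shown here).
        String subject = cert.getSubjectX500Principal().getName();
        response.setContentType("text/plain");
        response.getWriter().println("Client certificate subject: " + subject);
    }
}
```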




Re: HTTPS connector and clientAuth=want: how to retrieve client cert in servlet?

Posted by Shankar Unni <sh...@netscape.net>.
Shankar Unni wrote:

> However, I'm stuck trying to retrieve the client certificate from the 
> ServletRequest in the servlet itself.
> 
> Q: How do I get to the client's X.509 certificate?  Help!

I forgot to mention: the attributes that I do see in HttpServletRequest are:

req attrName = javax.servlet.request.cipher_suite
req Value = SSL_RSA_WITH_RC4_128_MD5
==
req attrName = javax.servlet.request.key_size
req Value = 128
==
req attrName = javax.servlet.request.ssl_session
req Value = ...

No peer_certificates..

