You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomee.apache.org by renz <re...@areasante.com> on 2015/05/22 15:46:28 UTC
Re: obtaining the principal from a client certificate
Hello,
It's a bit old, but did you find a way to do it?
Thks
--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/obtaining-the-principal-from-a-client-certificate-tp3318825p4675006.html
Sent from the TomEE Users mailing list archive at Nabble.com.
Re: obtaining the principal from a client certificate
Posted by Romain Manni-Bucau <rm...@gmail.com>.
hi
if you get the request somehow you can use
javax.servlet.request.X509Certificate
attribute
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber
<http://www.tomitribe.com>
2015-05-28 14:35 GMT+02:00 renz <re...@areasante.com>:
> My problem was to retrieve the client certificate in my Jaas Login Module
> in
> order to verify that it matches with the client login (I only use remote
> EJB
> through HTTPS).
>
> I've found a different way since I'm using a reverse proxy for the SSL part
> :
> 1. The reverse Proxy (NGINX) verify client certificate and put its DN in a
> HTTP Header
> 2. I've implemented a Valve that get this header value and put it in a
> ThreadLocal (and release it in destroyInternal)
> 3. Retrieve the client DN from the ThreadLocal
> 4. ...
>
>
>
>
> --
> View this message in context:
> http://tomee-openejb.979440.n4.nabble.com/obtaining-the-principal-from-a-client-certificate-tp3318825p4675072.html
> Sent from the TomEE Users mailing list archive at Nabble.com.
>
Re: obtaining the principal from a client certificate
Posted by renz <re...@areasante.com>.
My problem was to retrieve the client certificate in my Jaas Login Module in
order to verify that it matches with the client login (I only use remote EJB
through HTTPS).
I've found a different way since I'm using a reverse proxy for the SSL part
:
1. The reverse Proxy (NGINX) verify client certificate and put its DN in a
HTTP Header
2. I've implemented a Valve that get this header value and put it in a
ThreadLocal (and release it in destroyInternal)
3. Retrieve the client DN from the ThreadLocal
4. ...
--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/obtaining-the-principal-from-a-client-certificate-tp3318825p4675072.html
Sent from the TomEE Users mailing list archive at Nabble.com.
Re: obtaining the principal from a client certificate
Posted by Jean-Louis Monteiro <jl...@tomitribe.com>.
Can you explain a bit more please.
If you use a X509 certificate with client authentification, then Tomcat
does that out of the box.
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Fri, May 22, 2015 at 3:46 PM, renz <re...@areasante.com> wrote:
> Hello,
>
> It's a bit old, but did you find a way to do it?
>
> Thks
>
>
>
> --
> View this message in context:
> http://tomee-openejb.979440.n4.nabble.com/obtaining-the-principal-from-a-client-certificate-tp3318825p4675006.html
> Sent from the TomEE Users mailing list archive at Nabble.com.
>