Re: How to access the client's X509 Cert of an https request ?
Finally, I found at least one answer to this problem: http://hansonchar.blogspot.com/2008/04/tomcat-55-ssl-programming-puzzle.html Cheers, Hanson On Thu, Apr 10, 2008 at 6:20 PM, Hanson Char [EMAIL PROTECTED] wrote: s/Http12Processor/Http11Processor/ On Thu, Apr 10, 2008 at 6:18 PM, Hanson Char [EMAIL PROTECTED] wrote: I refer to tomcat 5.5.17. Assuming SSL client side authentication is used, I am trying to access the underlying client's X509 certificate of the SSL socket in a webapp. However, it appears such information can only be extracted from the SSL session, which is not made available to the servlet. I can see that this can be hacked around by modifying Http12Processor.java, such that the (SSL) socket is placed into a thread local for use by the webapp. But there must be a better/easier way than this, or some configuration magic I am missing ? Hanson
Re: How to access the client's X509 Cert of an https request ?
Hanson Char wrote: Finally, I found at least one answer to this problem: If you read the spec, there are simpler ways: spec-quote section=SRV.4.7 If there is an SSL certificate associated with the request, it must be exposed by the servlet container to the servlet programmer as an array of objects of type java.security.cert.X509Certificate and accessible via a ServletRequest attribute of javax.servlet.request.X509Certificate. /spec-quote Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to access the client's X509 Cert of an https request ?
Glad I asked in this forum. Now life is much simpler and portable :) Thank you. Hanson On Fri, Apr 11, 2008 at 1:22 AM, Mark Thomas [EMAIL PROTECTED] wrote: Hanson Char wrote: Finally, I found at least one answer to this problem: If you read the spec, there are simpler ways: spec-quote section=SRV.4.7 If there is an SSL certificate associated with the request, it must be exposed by the servlet container to the servlet programmer as an array of objects of type java.security.cert.X509Certificate and accessible via a ServletRequest attribute of javax.servlet.request.X509Certificate. /spec-quote Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to access the client's X509 Cert of an https request ?
I thought that is the only way. Is there any other way to get hold of the client cert? ++Vamsi On Fri, Apr 11, 2008 at 1:52 PM, Mark Thomas [EMAIL PROTECTED] wrote: Hanson Char wrote: Finally, I found at least one answer to this problem: If you read the spec, there are simpler ways: spec-quote section=SRV.4.7 If there is an SSL certificate associated with the request, it must be exposed by the servlet container to the servlet programmer as an array of objects of type java.security.cert.X509Certificate and accessible via a ServletRequest attribute of javax.servlet.request.X509Certificate. /spec-quote Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to access the client's X509 Cert of an https request ?
I found a hack to do that, with a much more complicated implementation: http://hansonchar.blogspot.com/2008/04/tomcat-55-ssl-programming-puzzle.html On Fri, Apr 11, 2008 at 11:35 AM, Vamsavardhana Reddy [EMAIL PROTECTED] wrote: I thought that is the only way. Is there any other way to get hold of the client cert? ++Vamsi On Fri, Apr 11, 2008 at 1:52 PM, Mark Thomas [EMAIL PROTECTED] wrote: Hanson Char wrote: Finally, I found at least one answer to this problem: If you read the spec, there are simpler ways: spec-quote section=SRV.4.7 If there is an SSL certificate associated with the request, it must be exposed by the servlet container to the servlet programmer as an array of objects of type java.security.cert.X509Certificate and accessible via a ServletRequest attribute of javax.servlet.request.X509Certificate. /spec-quote Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to access the client's X509 Cert of an https request ?
s/Http12Processor/Http11Processor/ On Thu, Apr 10, 2008 at 6:18 PM, Hanson Char [EMAIL PROTECTED] wrote: I refer to tomcat 5.5.17. Assuming SSL client side authentication is used, I am trying to access the underlying client's X509 certificate of the SSL socket in a webapp. However, it appears such information can only be extracted from the SSL session, which is not made available to the servlet. I can see that this can be hacked around by modifying Http12Processor.java, such that the (SSL) socket is placed into a thread local for use by the webapp. But there must be a better/easier way than this, or some configuration magic I am missing ? Hanson
