axis-java-user mailing list archives

From "Erwin Reinhoud" <Erwin.Reinh...@ictu.nl>
Subject RE: Getting x509 certificate info
Date Fri, 18 Jul 2008 09:49:29 GMT
Hello Stefan,

Thanks for the confirmation. I will look into my code. I use a handler in the inflow for authorisation.
This is where I try to get cert details.

I configured the apache web server with SSLOptions directive ExportCertData and StdEnvVars.
I will first try the same code that you gave and see what happens.

Thanks again.

Kind regards,
Erwin



-----Original Message-----
From:	Chefo [mailto:cheffo@gmail.com]
Sent:	Fri 7/18/2008 11:17 AM
To:	axis-user@ws.apache.org
Cc:	
Subject:	Re: Getting x509 certificate info
Hi Erwin,

It's very strange that the servlet request is not there... I checked out the
axis servlet and in AxisServlet#createMessageContext there is a line
msgContext.setProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST, request);
so if you are using the axis servlet you should have access to the request.

I've tested this on tomcat 5.5.26 (without apache) with ssl + client
certificate required, using axis2 client and I'm positive it works. The
request is available and the certificate chain can be obtained from it.

I think I read somewhere that if you are using an apache with the tomcat you
should do some configuration in the apache so that it passes the client
certificate to the tomcat...

Regards,
Stefan

On Fri, Jul 18, 2008 at 9:05 AM, Erwin Reinhoud <Erwin.Reinhoud@ictu.nl>
wrote:

>
> Hello Stefan,
>
> Thanks for the reply.
>
> I have tried this but the HttpServletRequest seems to be always null. I
> have not set up ssl through axis2 (except for the part in web.xml) but in
> tomcat with client authentication. Is there anything else I need to do?
>
> Another setup I am busy with is with apache 2.2 web server as load
> balancer/SSL offloader in front of two tomcat 6.0 instances using
> mod_proxy_ajp. Can I use the same code in this case?
>
> Thanks again.
>
> Kind regards,
>
> Erwin
>
>
>
>
> -----Original Message-----
> From:   Chefo [mailto:cheffo@gmail.com]
> Sent:   Thu 7/17/2008 5:09 PM
> To:     axis-user@ws.apache.org
> Cc:
> Subject:        Re: Getting x509 certificate info
> Hi,
>
> the whole http servlet request is available through the message context
>
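> import java.security.cert.X509Certificate;
> import javax.servlet.http.HttpServletRequest;
> import org.apache.axis2.transport.http.HTTPConstants;
>
> // The servlet request is stored on the message context by AxisServlet.
> Object requestProperty =
>     msgContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
> if (requestProperty != null && requestProperty instanceof HttpServletRequest) {
>    HttpServletRequest request = (HttpServletRequest) requestProperty;
>    // Standard servlet attribute holding the client certificate chain.
>    Object certificateChainAtt =
>        request.getAttribute("javax.servlet.request.X509Certificate");
>    if (certificateChainAtt != null
>            && certificateChainAtt instanceof X509Certificate[]) {
>        X509Certificate[] certificateChain =
>            (X509Certificate[]) certificateChainAtt;
>    }
> }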
>
> You may wanna verify whether it is expected to have the client certificate
> in case you have a security policy with transport binding and
> RequireClientCertificate set...
>
> Regards,
> Stefan
>
> On Thu, Jul 17, 2008 at 4:28 PM, Erwin Reinhoud <Erwin.Reinhoud@ictu.nl>
> wrote:
>
> >  Hello All,
> >
> > I have my axis2 application running in tomcat 6.0. The endpoint is
> > secured by SSL/TLS with client authentication by use of tomcat
> > server.xml and axis2 web.xml. I want to get x509 certificate info through
> > an axis2 inflow handler. Is this possible and how would I go about this?
> >
> > Thanks in advance.
> >
> > Kind regards,
> > Erwin
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-user-help@ws.apache.org
> >
> >
>
>
>
>
>
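
The lookup discussed in this thread, placed in a complete inflow handler that fails closed when no client certificate reaches it. This is an added example, not code from the thread or from the Axis2 project; the class name, the allow-list entry and the property key are hypothetical, and it assumes the javax.servlet API and a TLS endpoint that has already validated the chain.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.handlers.AbstractHandler;
import org.apache.axis2.transport.http.HTTPConstants;

// Hypothetical handler name; register it in an inflow phase.
public class ClientCertAuthHandler extends AbstractHandler {

    // Constructed allow-list of subject DNs in RFC 2253 form; replace with your own policy.
    private static final Set<String> ALLOWED_SUBJECTS =
            Set.of("CN=example-client,O=Example Org,C=NL");

    // Hypothetical property key for passing the subject DN to later handlers or the service.
    static final String SUBJECT_PROPERTY = "example.clientcert.subjectDN";

    @Override
    public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
        Object req = msgContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (!(req instanceof HttpServletRequest)) {
            // Property is absent when the message did not arrive through AxisServlet.
            throw new AxisFault("No servlet request available; cannot authenticate client");
        }
        Object att = ((HttpServletRequest) req)
                .getAttribute("javax.servlet.request.X509Certificate");
        if (!(att instanceof X509Certificate[]) || ((X509Certificate[]) att).length == 0) {
            // TLS without client auth, or a front-end proxy that did not forward the cert.
            throw new AxisFault("Client certificate required");
        }
        X509Certificate leaf = ((X509Certificate[]) att)[0]; // client's own cert is first
        try {
            leaf.checkValidity(); // defence in depth on top of the TLS endpoint's validation
        } catch (CertificateException e) {
            throw new AxisFault("Client certificate is expired or not yet valid", e);
        }
        String subject = leaf.getSubjectX500Principal().getName(); // RFC 2253 string
        if (!ALLOWED_SUBJECTS.contains(subject)) {
            throw new AxisFault("Client certificate subject is not authorised");
        }
        msgContext.setProperty(SUBJECT_PROPERTY, subject);
        return InvocationResponse.CONTINUE;
    }
}
```

Throwing an AxisFault in both "missing" branches means a misconfigured front end (the null request or missing attribute described above) results in a rejected call rather than an unauthenticated one.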



