geronimo-dev mailing list archives

From "Jarek Gawor" <jga...@gmail.com>
Subject Re: apache httpd and geronimo -- newbie
Date Mon, 18 Aug 2008 17:20:59 GMT
On Mon, Aug 18, 2008 at 12:43 PM, whitewaterbug <jaynryan@gmail.com> wrote:
>
> Mod_JK might give the right way to do this.
>
> If httpd does certificate-based client side authentication using SSL, then
> does mod_JK pass the certificate along to geronimo so it can use it for
> application level authorization?
>
> I think the whole certificate would still need to be sent over mod_JK
> because sometimes authorizations are dependent on the content in the
> certificate.

In your application you should be able to get the client's certificates
from the HttpServletRequest object, for example:

X509Certificate[] cert =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");

or get one client certificate at a time (in a loop):

Object cert = request.getAttribute("SSL_CLIENT_CERT_CHAIN_" + i);

(I don't quite remember now, but I don't think this property returns an
X509Certificate object but a String object which is a PEM-encoded
certificate).

Jarek
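
Added example (not part of the original message or of Geronimo's code): one way to read the client chain from either attribute named in the reply, accepting both an X509Certificate and a PEM String for the per-index attribute. The class name, the MAX_CHAIN cap and the Function-based attribute lookup (pass request::getAttribute in a servlet) are assumptions made so the code runs with only the JDK.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.function.Function;

public class ClientCertReader {
    static final String STD_ATTR = "javax.servlet.request.X509Certificate";
    static final String CHAIN_PREFIX = "SSL_CLIENT_CERT_CHAIN_";
    static final int MAX_CHAIN = 10; // assumed cap so the loop always terminates

    // attrs is the attribute lookup; in a servlet pass request::getAttribute.
    static List<X509Certificate> clientCerts(Function<String, Object> attrs)
            throws CertificateException {
        List<X509Certificate> chain = new ArrayList<>();
        Object std = attrs.apply(STD_ATTR);
        if (std instanceof X509Certificate[]) {
            chain.addAll(Arrays.asList((X509Certificate[]) std));
            return chain;
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (int i = 0; i < MAX_CHAIN; i++) {
            Object v = attrs.apply(CHAIN_PREFIX + i);
            if (v == null) break; // end of the forwarded chain
            if (v instanceof X509Certificate) {
                chain.add((X509Certificate) v);
            } else {
                // Treat any other value as PEM text; malformed input throws.
                byte[] pem = v.toString().getBytes(StandardCharsets.US_ASCII);
                chain.add((X509Certificate) cf.generateCertificate(
                        new ByteArrayInputStream(pem)));
            }
        }
        return chain; // empty list means no client certificate was presented
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> attrs = new HashMap<>(); // constructed: request without a client cert
        System.out.println("certificates found: " + clientCerts(attrs::get).size());
        attrs.put(CHAIN_PREFIX + 0, "not a certificate"); // constructed malformed value
        try {
            clientCerts(attrs::get);
        } catch (CertificateException e) {
            System.out.println("malformed value rejected; deny the request");
        }
    }
}
```

An authorization check built on this should treat an empty list or a CertificateException as "no authenticated client" and deny, since the values arrive from the front-end httpd rather than from a TLS handshake the servlet container performed itself.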
