tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "tito santini" <tito.sant...@netikos.com>
Subject Re: How to access X509 Certificate?
Date Tue, 04 Sep 2001 08:32:34 GMT
Hi,
instead of "Object",
try with:

  String strX509 = new String();
  strX509           = (String)
req.getAttribute("javax.servlet.request.X509Certificate");
  if( strX509 != null )
  {
        try
       {
               byte [] byX509 = strX509.getBytes();
               //change with your security provider
               iaik.x509.X509Certificate xcUser = new
iaik.x509.X509Certificate(byX509);
               Principal prDN = xcUser.getIssuerDN();
               Principal prCN = xcUser.getSubjectDN();
        }
       catch( java.security.cert.CertificateException jc)
       {
       }
  }

Hope this may help.

Tito Santini

NETikos S.p.A.
Via Matteucci, 34 B
56124 PISA - ITALY
Tel.: + 39 050 968 671
Fax: + 39 050 968 626
mailto:tito.santini@netikos.com
www.netikos.com
----- Original Message -----
From: "Christoph Ender" <chrlists@moondock.org>
To: <tomcat-user@jakarta.apache.org>
Cc: <jfrederic.clere@fujitsu-siemens.com>
Sent: Tuesday, September 04, 2001 1:26 AM
Subject: Re: How to access X509 Certificate?


>
>
> > Christoph Ender wrote:
> > > Hey all,
> > > I'm trying to access the certificate that the user has sent to
> > > authenticate himself. I'm using the Tomcat/Apache combo. Apache
correctly
> > > exports the Certificate to the "SSL_CLIENT_CERT" environment variable,
but
> > > when I try to read "javax.servlet.request.X509Certificate", Tomcat
always
> > > returns null. The list of attributes is always empty.
> > > I've uncommented JkHTTPSIndicator HTTPS, JkSESSIONIndicator
SSL_SESSION_ID,
> > > JkCIPHERIndicator SSL_CIPHER, JkCERTSIndicator SSL_CLIENT_CERT and set
> > > JkExtractSSL to On. I'm sure the Ajp13 protocol is used since I've
> > > disabled everything else.
> > > What am I missing here? Any help greatly appreciated!
>
> On Mon, 3 Sep 2001, jean-frederic clere wrote:
> > What code are you using?
>
> If you're referring to versions:
>  Tomcat is version 3.2.2, Apache 1.3.20, the servlet jar 2.2b.
>
> In case you're referring how to check for the certificate :-) :
>     System.out.println(request.isSecure());
>     System.out.println(request.getProtocol());
>     System.out.println(request.getScheme());
>     System.out.println(request.getServerPort());
>
>     System.out.println("--- start headernames ---");
>     enum = request.getHeaderNames();
>     while (enum.hasMoreElements()) {
>       thisparameter = (String)enum.nextElement();
>       System.out.println(thisparameter);
>     }
>     System.out.println("--- end headernames --- ");
>
>     System.out.println("--- start attributenames ---");
>     enum = request.getAttributeNames();
>     while (enum.hasMoreElements()) {
>       thisparameter = (String)enum.nextElement();
>       System.out.println(thisparameter);
>     }
>     System.out.println("--- end attributenames --- ");
>
>     Object o =
request.getAttribute("javax.servlet.request.X509Certificate");
>     if (o == null)
>
System.out.println("request.getAttribute(\"javax.servlet.request.X509Certifi
cate\") == null.");
>
>
>
> These lines produce the following output:
>
> true
> HTTP/1.0
> https
> 443
> --- start headernames ---
> accept
> accept-charset
> pragma
> accept-encoding
> host
> accept-language
> connection
> user-agent
> --- end headernames ---
> --- start attributenames ---
> --- end attributenames ---
> request.getAttribute("javax.servlet.request.X509Certificate") == null.
>
>
>
>
> Regards,
> Christoph.
>
>



Mime
View raw message