tomcat-users mailing list archives

From Sanjeev Sharma <>
Subject RE: Client Authentication--getting certificate information on the server side
Date Mon, 06 Feb 2012 17:32:35 GMT
Thanks so much.  I was just dumping session in psi-probe.  I didn't think to look in the request.
I get exactly what I need when I use request.getAttribute(org.apache.catalina.Globals.CERTIFICATES_ATTR).
Thanks again!

-----Original Message-----
From: Pid [] 
Sent: Monday, February 06, 2012 12:20 PM
To: Tomcat Users List
Subject: Re: Client Authentication--getting certificate information on the server side

On 06/02/2012 17:01, Sanjeev Sharma wrote:
> Hello,
> I'm trying to configure client authentication in Tomcat 7 on Windows 7.  I have the following connector in the server.xml:
> <Connector port="443"
>            protocol="HTTP/1.1"
>            SSLEnabled="true"
>            maxThreads="150"
>            scheme="https"
>            secure="true"
>            keystoreFile="d:\certs\server_cert.jks"
>            keystorePass="changeit"
>            truststoreFile="d:\certs\truststore.jks"
>            truststorePass="changeit"
>            clientAuth="true"
>            sslProtocol="TLS" />
> In my web.xml I have the following :
>     <login-config>
>         <auth-method>CLIENT-CERT</auth-method>
>         <realm-name>PKI Enabled App</realm-name>
>     </login-config>
> This forces client authentication when I try to access the app using a browser, and when I provide a trusted certificate, I'm able to get authenticated.  After the authentication I was expecting to get the client certificate information in the session, but I get nothing.  How do I pass the Common Name from the subject line of the client certificate to the server during authentication so that I can access it from a Struts action?
> Thanks in advance.

There are a number of variables (javax.servlet.request.ssl*) available in the *request* rather
than the session.  Which ones are you trying to access?

There's a list of various relevant things here:




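The approach this thread settles on, reading the client certificate chain from the request and extracting the Common Name from the subject, shown as an added example (not code from the thread or from Tomcat). The class name `ClientCertInfo` and the sample DN are assumptions; the code compiles against the javax.servlet API that Tomcat 7 provides.

```java
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical helper (the name is an assumption), callable from a Struts action. */
public final class ClientCertInfo {

    // Servlet-spec request attribute; Tomcat's
    // org.apache.catalina.Globals.CERTIFICATES_ATTR holds this same string.
    static final String CERTS_ATTR = "javax.servlet.request.X509Certificate";

    /** Returns the subject CN of the client's own certificate, or null if none was presented. */
    public static String subjectCommonName(HttpServletRequest request) {
        Object attr = request.getAttribute(CERTS_ATTR);
        if (!(attr instanceof X509Certificate[])) {
            return null; // plain HTTP, or no client certificate on this connection
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0) {
            return null;
        }
        // chain[0] is the certificate the client presented; its issuers follow.
        return commonName(chain[0].getSubjectX500Principal().getName(X500Principal.RFC2253));
    }

    /** Parses an RFC 2253 DN with LdapName, so escaped commas inside the CN survive. */
    static String commonName(String rfc2253Dn) {
        try {
            for (Rdn rdn : new LdapName(rfc2253Dn).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return String.valueOf(rdn.getValue());
                }
            }
        } catch (InvalidNameException e) {
            // Treat an unparseable subject as "no identity" rather than guessing.
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample DN (not from the thread); note the escaped comma.
        System.out.println(commonName("CN=Doe\\, Jane,OU=Eng,O=Example,C=US"));
    }
}
```

The CN returned here is only as trustworthy as the CA certificates in the connector's `truststoreFile`, since that is what Tomcat validates the presented chain against when `clientAuth="true"`.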