tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sanjeev Sharma <sanjeev.sha...@buchanan-edwards.com>
Subject RE: Client Authentication--getting certificate information on the server side
Date Mon, 06 Feb 2012 17:32:35 GMT
Thanks so much.  I was just dumping session in psi-probe.  I didn't think to look in the request.
 I get exactly what I need when I us request.getAttribute(org.apache.catalina.Globals.CERTIFICATES_ATTR).
 Thanks again!

-----Original Message-----
From: Pid [mailto:pid@pidster.com] 
Sent: Monday, February 06, 2012 12:20 PM
To: Tomcat Users List
Subject: Re: Client Authentication--getting certificate information on the server side

On 06/02/2012 17:01, Sanjeev Sharma wrote:
> Hello,
> 
> I'm trying to configure client authentication in Tomcat 7 on Windows 7.  I have the following
connector in the server.xml:
> 
> <Connector port="443"
>            protocol="HTTP/1.1"
>            SSLEnabled="true"
>            maxThreads="150"
>            scheme="https"
>            secure="true"
>            keystoreFile="d:\certs\server_cert.jks"
>            keystorePass="changeit"
>            truststoreFile="d:\certs\truststore.jks"
>            truststorePass="changeit"
>            clientAuth="true"
>            sslProtocol="TLS" />
> 
> In my web.xml I have the following :
> 
>     <login-config>
>         <auth-method>CLIENT-CERT</auth-method>
>         <realm-name>PKI Enabled App</realm-name>
>     </login-config>
> 
> This forces client authentication when I try to access the app using a browser and when
I provide a trusted certificate, I'm able get authenticated.  After the authentication I was
expecting to get the client certificate information in the session, but I get nothing.  How
do I pass the Common Name from the subject line of the client certificate to the server during
authentication so that I can access it from a struts action?
> 
> Thanks in advance.

There are a number of variables (javax.servlet.request.ssl*) available in the *request* rather
than the session.  Which ones are you trying to access?

There's a list of various relevant things here:

http://svn.apache.org/repos/asf/tomcat/trunk/java/org/apache/catalina/Globals.java


p





-- 

[key:62590808]

Mime
View raw message