堆栈内存溢出
  简体   繁体   English

如何在Spring Boot下运行的REST控制器中获取与HTTPS请求相关的SSL证书(X.509)?

[英]How to get SSL certificate (X.509) relevant to HTTPS request in REST controller running under Spring boot?

 原文  2017-10-31 08:30:50       java/ spring/ spring-mvc/ ssl/ x509certificate

问题描述

I have Spring Boot REST controller that uses mutual HTTPS authentication with keystores on both server and client side. 我有一个Spring Boot REST控制器,它在服务器端和客户端都使用相互HTTPS身份验证和密钥库。 The server side has the controller class with @RequestMapping. 服务器端具有带有@RequestMapping的控制器类。 HTTPS between server and client seems otherwise working fine. 服务器和客户端之间的HTTPS似乎可以正常工作。

There are multiple clients that have different they matching entries configured on the server trust store. 有多个客户端,它们在服务器信任库中配置了与它们匹配的条目。 When inside the controller body, I need to know which trust store entry has been used to authenticate the current client. 在控制器主体内部时,我需要知道已使用哪个信任库条目来认证当前客户端。

I have attempted the answer for this question using the injected HttpServetRequest (method parameter), but there is nothing on the request parameters. 我尝试使用注入的HttpServetRequest(方法参数)来回答此问题 ,但请求参数上没有任何内容。 Unfortunately, seems that request.getAttribute("javax.servlet.request.X509Certificate") just returns null, even if I am sure the interaction was via HTTPS. 不幸的是,即使我确定交互是通过HTTPS进行的,似乎request.getAttribute("javax.servlet.request.X509Certificate")只会返回null。 request.getAttribute("javax.servlet.request.cipher_suite") returns TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. request.getAttribute("javax.servlet.request.cipher_suite")返回TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256。

How to get from withing the Spring Rest Controller method any information about which certificate is being used? 如何从Spring Rest Controller方法获得有关正在使用哪个证书的任何信息?

Spring framework 4.3.11.RELEASE, embedded Tomcat 8.0.23, Spring Boot 1.5.1.RELEASE. Spring框架4.3.11.RELEASE,嵌入式Tomcat 8.0.23,Spring Boot 1.5.1.RELEASE。

1 个解决方案

解决方案1
 1 已采纳  2017-10-31 09:52:13

As stated in the comments, it is necessary to enable client authentication 如评论中所述,有必要启用客户端身份验证 

Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
...
connector.setAttribute("clientAuth", "true")

In addition, to ensure that the client is presenting a certificate, it is possible to debug the SSL connection at client or server side 另外,为了确保客户端出示证书,可以在客户端或服务器端调试SSL连接。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何通过HTTP请求获取用户X.509证书-(无SSL) - How do you get a users X.509 certificate over an HTTP request - (without SSL) 证书请求到X.509 - Certificate request to X.509 SSL证书X.509导出 - SSL Certificate X.509 Export 具有X.509证书的Spring Security - Spring Security With X.509 Certificate 导入 SSL 证书时出错:不是 X.509 证书 - Error Importing SSL certificate : Not an X.509 Certificate 如何在 Java 密钥库中导入现有的 X.509 证书和私钥以在 SSL 中使用? - How to import an existing X.509 certificate and private key in Java keystore to use in SSL? Spring Boot / Thymeleaf-Javascript请求和X.509 Auth的身份验证困难 - Spring Boot / Thymeleaf - Authentication Difficulties with Javascript Request and X.509 Auth Spring OAuth2使用X.509证书进行身份验证 - Spring OAuth2 authenticate with X.509 certificate Java httpcleint 使用 X.509 证书发送 SSL 请求 - Java httpcleint send SSL request using X.509 certeficate 如何使用Java中的X.509证书签署HTTP请求? - How do I sign a HTTP request with a X.509 certificate in Java?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM