如何在不使用Servlet的情况下在静态Web服务(Java和Jersey)中获取客户端证书?
[英]How to fetch client-side certificate in restful web service (Java & Jersey) without Servlets?
问题描述
I want to access the "subjectDN" from the client-side certificate, ie, fetch the user data (common name, email, etc) from the certificate, but am not interested in the authentication part. 
我想从客户端证书访问“ subjectDN”,即从证书中获取用户数据(公用名,电子邮件等),但对身份验证部分不感兴趣。
If I would use a servlet, I understand that I can read the certificate sent in the request header using something like 如果我要使用Servlet,则可以理解,我可以使用类似以下内容读取请求标头中发送的证书
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
However, in my restful web service I don't use Servlets - so I'm lacking access to the request header. 但是,在我宁静的Web服务中,我不使用Servlet-因此我无法访问请求标头。 The restful web service is written in Java using the Jersey framework. 宁静的Web服务使用Jersey框架以Java编写。 My GlassFish application server is properly configured for SSL. 我的GlassFish应用程序服务器已正确配置为SSL。
Any thoughts on how to achieve this without using a Servlet? 关于如何在不使用Servlet的情况下实现此目标的任何想法? Any pragmatic alternative ways? 有其他实用的替代方法吗?
1 个解决方案
解决方案1
3 已采纳 2010-07-29 15:36:40
in jersey you can try @Context HttpServletRequest request as a argument to a resource method: 在球衣中,您可以尝试使用@Context HttpServletRequest请求作为资源方法的参数:
@GET
public Response getSomeView(@Context HttpServletRequest request){
[here you have access to the request object]
}
hope that helped.... 希望有帮助...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.