Is there a way to recover the common name of a client certificate from java code in a 2 way ssl connection?
We have a weblogic server configured to require a client certificate on establishing a ssl connection with client for a web service solution. The ssl handshake works perfectly as we have already configured all that is required.
Now, after the connection we do receive a soap request where the client id is one of the fields of this request soap. What we need to do is to check this id against the common name of the client certificate used to connect within our server in order to guarantee the transaction. This is very important to us because this is a bank transaction and there is a lot of money involved in it and we need to avoid frauds.
So: Is there a way to recover the common name of a client certificate used to establish a 2 way ssl connection from java code running on the server using a weblogic 10.3.3 server?
[]s
The client's certificate can be read from the incoming Servlet request using the HttpServletRequest.getAttribute(String) method invocation. The attribute with name javax.servlet.request.X509Certificate is populated by the servlet container when it creates an instance of the Request object for processing by the servlet/webservice.
The DN of the certificate can then be obtained from the X500Principal object, obtained from the certificate object via the getX500Principal method invocation. This does not give the CN, but will provide you with the complete distinguished name in a specified format; this could be parsed to provide the CN.
As far as accessing the ServletRequest object is concerned, JAX-WS web services can be programmed to read the MessageContext which allows access to the underlying HttpServletRequest object.
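The approach described in the answer above, as an added example that is not part of the original post: it takes the value of the javax.servlet.request.X509Certificate request attribute, reads the subject with X509Certificate.getSubjectX500Principal(), and parses the DN with LdapName instead of splitting the string on commas. The class and method names, the exactly-one-CN exact-match policy and the sample DNs are assumptions constructed for illustration.

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class ClientCertCn {  // hypothetical class name
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    // attr is request.getAttribute(CERT_ATTR). In JAX-WS the request comes from an injected
    // WebServiceContext (here assumed to be named wsContext):
    // wsContext.getMessageContext().get(MessageContext.SERVLET_REQUEST).
    static X500Principal subjectOf(Object attr) {
        if (!(attr instanceof X509Certificate[])) return null;
        X509Certificate[] chain = (X509Certificate[]) attr;
        // Element 0 is the client's own certificate; the rest are its issuers.
        return chain.length == 0 ? null : chain[0].getSubjectX500Principal();
    }

    // Every CN value in the subject, unescaped. LdapName follows RFC 2253, so
    // escaped commas and multi-valued RDNs (CN=a+OU=b) are handled correctly.
    static List<String> commonNames(X500Principal subject) throws NamingException {
        List<String> cns = new ArrayList<String>();
        for (Rdn rdn : new LdapName(subject.getName(X500Principal.RFC2253)).getRdns()) {
            Attribute cn = rdn.toAttributes().get("CN");
            for (int i = 0; cn != null && i < cn.size(); i++) cns.add(String.valueOf(cn.get(i)));
        }
        return cns;
    }

    // Assumed policy: fail closed unless there is exactly one CN and it equals the id.
    static boolean matches(String clientId, X500Principal subject) {
        if (clientId == null || subject == null) return false;
        try {
            List<String> cns = commonNames(subject);
            return cns.size() == 1 && cns.get(0).equals(clientId);
        } catch (NamingException e) { return false; }
    }

    public static void main(String[] args) {
        // Constructed subject DNs, not taken from the original post.
        String[] dns = { "CN=client-042,OU=Payments,O=Example Bank,C=BR",
                         "CN=client-042\\, Inc,O=Example Bank", "OU=Payments,O=Example Bank" };
        for (String dn : dns)
            System.out.println(dn + " -> " + matches("client-042", new X500Principal(dn)));
    }
}
```

In the web service, the call would be matches(clientIdFromSoapBody, subjectOf(request.getAttribute(CERT_ATTR))), rejecting the request when it returns false.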