HttpServlet-如何知道是否使用SSL客户端身份验证
[英]HttpServlet - How to know if SSL Client Authentication is used
问题描述
I have a Servlet container (Glassfish/OC4J) which service some JAX-WS web service endpoints which can be reach using HTTPS. 
我有一个Servlet容器(Glassfish / OC4J),该容器为一些使用HTTPS可以到达的JAX-WS Web服务端点提供服务。 The SSL is configured to support both Client Authentication and Server only authentication (like client-auth="want" on Glassfish). SSL配置为支持客户端身份验证和仅服务器身份验证(例如Glassfish上的client-auth =“ want”)。
In my endpoint implementation I want to know if the connection was done with or without Client authentication. 在我的端点实现中,我想知道连接是在有或没有客户端身份验证的情况下完成的。 I already have access to the HttpServletRequest object, but the getAuthType() method is always returning null, no mater if Client auth is done or not (checked using wireshark to be sure it does what I want). 我已经可以访问HttpServletRequest对象,但是getAuthType()方法始终返回null,无论是否完成了客户端身份验证,都不会返回任何值(使用wirehark进行检查以确保它可以执行我想要的操作)。
Does anybody knows how to have access to such info ? 有人知道如何访问此类信息吗?
Thanks a lot 非常感谢
1 个解决方案
解决方案1
5 已采纳 2011-12-14 13:39:22
The javax.servlet.request.X509Certificate request attribute should return an array of java.security.cert.X509Certificate . javax.servlet.request.X509Certificate请求属性应返回java.security.cert.X509Certificate数组。
You can get it from your request using: 您可以使用以下方法从您的请求中获取:
X509Certificate[] certs = req.getAttribute("javax.servlet.request.X509Certificate");
If non-null, and if it contains something, the first element ( certs[0] ) will be the client certificate itself. 如果为非null,并且包含某些内容,则第一个元素( certs[0] )将是客户端证书本身。 There may be other elements in this array, which will contain intermediate CA certificates (what's presented by the client can be a certificate chain), where cert[i] is issued by cert[i+1] . 此数组中可能还有其他元素,其中将包含中间CA证书(客户端提供的证书可以是证书链),其中cert[i]由cert[i+1]颁发。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.