在Tomcat 7和request.getUserPrincipal()上进行相互身份验证
[英]Mutual Authentication on Tomcat 7 and request.getUserPrincipal()
问题描述
I'm trying to setup mutual authentication on a Tomcat 7 app. 
我正在尝试在Tomcat 7应用程序上设置双向身份验证。 My server.xml has the following connector: 我的server.xml具有以下连接器:
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8443"
enableLookups="true"
acceptCount="100"
connectionTimeout="20000"
useURIValidationHack="false"
disableUploadTimeout="true"
scheme="https"
secure="true"
SSLEnabled="true"
keystoreFile="servercert.jks"
keystorePass="password"
truststoreFile="truststore.jks"
truststorePass="password"
clientAuth="true"
sslProtocol="TLS" />
When I try to hit a struts action using a similar URL to "https://testserver:8443/myapp/LoadUser.do", I am prompted by the browser for a client certificate. 当我尝试使用类似于“ https:// testserver:8443 / myapp / LoadUser.do”的URL进行struts操作时,浏览器会提示我输入客户端证书。 When I provide a certificate which is trusted by my server, it seems to authenticate just fine. 当我提供服务器信任的证书时,它似乎可以进行身份验证。 On the server side, I'm expecting to get the client certificate's Common Name by calling request.getUserPrincipal(), but it's just null. 在服务器端,我期望通过调用request.getUserPrincipal()获得客户端证书的公用名,但是它只是null。 Am I correct in assuming that getUserPrincipa() should be set to the CN? 我假设将getUserPrincipa()设置为CN是否正确? If yes, what am I doing wrong/missing. 如果是,我在做什么错/遗漏。 If no, how can I retrieve the CN on the server side? 如果没有,如何在服务器端检索CN?
Thanks. 谢谢。
1 个解决方案
解决方案1
4 已采纳 2012-02-06 17:37:56
I was looking in the wrong place like a dummy. 我像假人一样在错误的地方看。 I get all certificate information from the request : 我从请求中获取了所有证书信息:
request.getAttribute(org.apache.catalina.Globals.CERTIFICATES_ATTR);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.