
Mutual Authentication on Tomcat 7 and request.getUserPrincipal()

I'm trying to set up mutual authentication on a Tomcat 7 app. My server.xml has the following connector:

 <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
        port="8443" 
        enableLookups="true"
        acceptCount="100" 
        connectionTimeout="20000"
        useURIValidationHack="false" 
        disableUploadTimeout="true"
        scheme="https" 
        secure="true" 
        SSLEnabled="true"
        keystoreFile="servercert.jks"
        keystorePass="password"
        truststoreFile="truststore.jks"
        truststorePass="password"
        clientAuth="true" 
        sslProtocol="TLS" />

When I try to hit a Struts action using a URL similar to "https://testserver:8443/myapp/LoadUser.do", I am prompted by the browser for a client certificate. When I provide a certificate which is trusted by my server, it seems to authenticate just fine. On the server side, I'm expecting to get the client certificate's Common Name by calling request.getUserPrincipal(), but it's just null. Am I correct in assuming that getUserPrincipal() should be set to the CN? If yes, what am I doing wrong/missing? If no, how can I retrieve the CN on the server side?

Thanks.

I was looking in the wrong place like a dummy. I get all certificate information from the request:

request.getAttribute(org.apache.catalina.Globals.CERTIFICATES_ATTR);
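An added example (not code from the original post) of reading the client certificate chain from that request attribute and extracting the subject CN. The class name `ClientCertCn` and its methods are hypothetical, the sample DN in `main` is constructed, and it assumes the `javax.servlet` API is on the classpath as it is inside Tomcat 7.

```java
import java.security.cert.X509Certificate;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;

public final class ClientCertCn {
    // Standard servlet attribute name; Tomcat's Globals.CERTIFICATES_ATTR holds this value.
    static final String CERTS_ATTR = "javax.servlet.request.X509Certificate";

    /** Returns the CN of the client (leaf) certificate, or null if none was presented. */
    static String commonName(HttpServletRequest request) {
        // clientAuth="true" only enforces the TLS handshake. getUserPrincipal() is filled
        // in by container-managed authentication (e.g. CLIENT-CERT login-config plus a
        // Realm), so with connector-level client auth alone it stays null.
        X509Certificate[] chain = (X509Certificate[]) request.getAttribute(CERTS_ATTR);
        if (chain == null || chain.length == 0) {
            return null; // plain HTTP request, or no client certificate was sent
        }
        return commonName(chain[0].getSubjectX500Principal()); // chain[0] is the client cert
    }

    /** Parses the subject DN properly instead of splitting on commas. */
    static String commonName(X500Principal subject) {
        try {
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            List<Rdn> rdns = dn.getRdns();
            // LdapName stores the left-most (most specific) RDN at the highest index.
            for (int i = rdns.size() - 1; i >= 0; i--) {
                if ("CN".equalsIgnoreCase(rdns.get(i).getType())) {
                    return String.valueOf(rdns.get(i).getValue());
                }
            }
        } catch (InvalidNameException e) {
            // Malformed DN: treat as "no CN" rather than guessing an identity.
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample subject, including an escaped comma inside the CN.
        X500Principal subject = new X500Principal("CN=Doe\\, Jane,OU=Test,O=Example,C=US");
        System.out.println(commonName(subject));
    }
}
```

The CN is only meaningful as an identity when the connector requires client certificates and validates them against the truststore, as `clientAuth="true"` does in the question's connector.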
