Mutual Client Authentication Get Certificate in Servlet

Question

I have setup a Tomcat 7.0 application server with mutual (client/server) authentication over SSL. To setup this configuration I needed to create a .jks file for the server and .pks certificate for in my web browser. After configuring the server.xml file in Tomcat I have mutual authentication and SSL working. Now I am attempting to grab the certificate in a servlet, however I cannot seem to grab the certificate from the request in the servlet. I can setup a filter that successfully pulls the certificate from the request. Can anyone provide me with a configuration/code that would allow me to grab the certificate from the servlet? I would also accept a reason for why I cannot get the certificate in the servlet.

Server.xml

<Connector
 clientAuth="true" port="8443" protocol="HTTP/1.1" SSLEnabled="true"
 scheme="https" secure="true"
 keystoreFile="C:/Users/Kevin Bowersox/Desktop/Development/My Certs/server.jks"
 keystoreType="JKS" keystorePass="notmypassword"
 truststoreFile="C:/Users/Kevin Bowersox/Desktop/Development/My Certs/server.jks"
 truststoreType="JKS" truststorePass="notmypassword"
 SSLVerifyClient="require" SSLVerifyDepth="2" sslProtocol="TLS"
/>

MyServlet.java - This throws a RuntimeException because certificate is not found when hitting url: https://localhost:8443/Sample_Application/MyServlet

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
          X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
            if (null != certs && certs.length > 0) {
                System.out.println("cert found");
            }
            throw new RuntimeException("No X.509 client certificate found in request");
    }

MyServlet Mapping

<servlet>
    <description>
    </description>
    <display-name>MyServlet</display-name>
    <servlet-name>MyServlet</servlet-name>
    <servlet-class>MyServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>MyServlet</servlet-name>
    <url-pattern>/MyServlet</url-pattern>
</servlet-mapping>

MyFilter.java - Returns "cert found" when hitting url: https://localhost:8443/Sample_Application/test.jsp

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
     X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        if (null != certs && certs.length > 0) {
            System.out.println("cert found");
        }
        //throw new RuntimeException("No X.509 client certificate found in request");
    chain.doFilter(request, response);
}

My Filter Mapping

<filter>
    <description>
    </description>
    <display-name>MyFilter</display-name>
    <filter-name>MyFilter</filter-name>
    <filter-class>MyFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>MyFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>

Answer 1

It is working. However, the Servlet is coded to always throws the RuntimeException so it looks like it isn't working.