Re: : Request/read digital certificates from a servlet

Aaron Stromas Mon, 28 Aug 2000 05:15:38 -0700
----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files.  Don't make us guess your problem!!!
----------------------------------------------------------------

thierry,

have you configured apache to export the certificate to jserv? something like
this

ApJServMount /serlets ajpv12:/root
<Location /servlets>
    SSLRequire true
    SSLOptions +StdEnvVars +ExportCertData
</Location>

also, try request.getHeader("SSL_CLIENT_CERT") rather than getAttribute().

i assume, you have mod_ssl or apache_ssl, right? hth

-a

BERWART Thierry wrote:

> ----------------------------------------------------------------
> BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
> WHEN YOU POST, include all relevant version numbers, log files,
> and configuration files.  Don't make us guess your problem!!!
> ----------------------------------------------------------------
>
> Hello,
>
> I try many code for getting client certificate in a servlet but
> nothing works !
>
> I have :
> Linux RedHat 6.1
> Apache WebServer 1.3.12
> JServ 1.1.2
>
> apparently, the way for getting certificate infos depends on the webserver
> ?! ...
>
> Please help me ! :-)
>
> Thierry
>
> -----Original Message-----
> From: Traian Tirzaman [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 25, 2000 10:03 PM
> To: BERWART Thierry
> Subject: Re: Request/read digital certificates from java From
> JavaSoft.com
>
> Hi Thierry,
>
> Here's some code snippets that you could use to read a
> digital certificate from java code (servlets):
>
> // some imports ....
> import java.io.*;
> import java.util.*;
> import java.security.*;
> import javax.servlet.*;
> import javax.servlet.http.*;
> //import java.security.cert.X509Certificate;
> import sun.security.x509.*;
>
> String cipherSuite =
> (String)req.getAttribute("javax.net.ssl.cipher_suite");
>
> X509Cert[] certChain =
> (X509Cert[])req.getAttribute("javax.net.ssl.peer_certificates");
>
> for(int i = 0; i < certChain.length; ++i) {
>   X509Cert cert = (X509Cert)certChain[i];
>   Principal p = cert.getPrincipal();
>   out.println("Principal for this certificate: " +
> p.getName());
>   out.println("Looking for \"CN=Joe Doe\" ....");
>                         if(p.getName().indexOf("CN=joe doe") != -1)
> {
>   out.println("joe doe has been authenticated
> SUCCESSFULLY !!!!");
> }
>
> Once you get the "X509Cert" object you can call a lot
> of different methods on it to get data and check it
> against whatever your security model is.  I wrote this
> code awhile ago, so you may want to check it against
> newer classes, methods, etc.
>
> Good luck !
>
> --- BERWART Thierry <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > I saw your message in "Java programming" forum.
> > And i have the same question/problem and i think you
> > can help me !!
> >
> > did you find any answers ??
> >
> > thanks !
> >
> > Thierry
> >
> >
> > >>Is it possible to request and read a digital
> > certificate from Java
> > (servlets) code ? I'd like to turn off the digital
> > certificate
> > >>authentication done by the Web server and from a
> > java servlet, request a
> > client certificate and read it.
> > >>Any help would be greatly appreciated.
> > >>P.S. My e-mail: [EMAIL PROTECTED]
>
> =====
> Traian Tirzaman
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Mail - Free email you can access from anywhere!
> http://mail.yahoo.com/
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
> --
> --------------------------------------------------------------
> Please read the FAQ! <http://java.apache.org/faq/>
> To subscribe:        [EMAIL PROTECTED]
> To unsubscribe:      [EMAIL PROTECTED]
> Search Archives:
> <http://www.mail-archive.com/java-apache-users%40list.working-dogs.com/>
> Problems?:           [EMAIL PROTECTED]

--
Aaron Stromas    | "Tick-tick-tick!!!... ja, Pantani is weg..."
Oracle Corp      |                             BRTN commentator
+1 703.708.68.21 |                              L'Alpe d'Huez
                                            1995 Tour de France




--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Search Archives: 
<http://www.mail-archive.com/java-apache-users%40list.working-dogs.com/>
Problems?:           [EMAIL PROTECTED]
Re: : Request/read digital certificates from a servlet

Reply via email to
