Well, finally figured this out.  In Apache's httpd.conf, the following SSL Directive 
must be added:


  | SSLOptions +ExportCertData
  | 

So, for example, I have a Location setup within Apache to require client 
authentication for a URI within JBoss.  I am self-signing, and only need to verify my 
self-signed clients.  Here is the httpd.conf entry:

httpd.conf


  | <Location "/test/">
  |         SSLVerifyClient require
  |         SSLVerifyDepth 1
  |         SSLOptions +ExportCertData
  |         SSLCipherSuite HIGH:MEDIUM
  | </Location>
  | 

workers2.properties

  | # Map the Tomcat examples webapp to the Web server uri space
  | [uri:/test/*]
  | group=lb
  | 

That's it...you'll then have access to the client certificate information using the 
following (in this example, a JSP):

  | <%@ page import="java.security.*,java.security.cert.*"%>
  | 
  | <%
  | try {
  |  if (request.isSecure()) { 
  |     out.println("Client Request is secure<br>The following is the DN from your certificate:<br>");
  |         // Certificate chain exported by mod_ssl (SSLOptions +ExportCertData) and forwarded by the connector
  |         java.security.cert.X509Certificate[] certs = (java.security.cert.X509Certificate[])
  |             request.getAttribute("javax.servlet.request.X509Certificate");
  |         if (certs != null) { 
  |            // The first entry in the array is the client's own certificate
  |            X509Certificate clientCert = certs[0]; 
  |            if (clientCert != null) { 
  |               // Get the Distinguished Name for the user. 
  |               Principal userDN = clientCert.getSubjectDN();
  |               out.println("User DN: "+userDN);
  |               out.println("<br>");               
  |            } else {
  |              out.println("<br>Client Cert is null");
  |            }
  |         } else {
  |             out.println("<br>There are no client certificates available");
  |         }
  |  } else {
  |             out.println("Client request is <b>not</b> secure...no X509Certificate to inspect.");
  |  }
  |  
  |  
  | } catch (Throwable t) {
  |     out.println("Caught Throwable:");
  |     t.printStackTrace();
  | }
  | 
  | %>
  | 

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3838551#3838551
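
The JSP in the post only prints the DN. As an added example (not part of the original post), here is a Java helper that takes the array read from the `javax.servlet.request.X509Certificate` attribute, checks the validity period, extracts the CN with a real DN parser, and escapes it before it is echoed into HTML; the class name, the allowlist and the sample DNs are assumptions made for illustration.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class ClientCertCheck {
    // Hypothetical allowlist of client CNs this application accepts.
    static final Set<String> ALLOWED_CNS = Set.of("alice", "build-agent");

    /** Returns the CN of the client certificate if it is in date and allowlisted, else null. */
    static String authorizedCn(X509Certificate[] certs) {
        if (certs == null || certs.length == 0 || certs[0] == null) return null;
        try {
            certs[0].checkValidity();   // notBefore / notAfter against the current time
        } catch (CertificateException e) {
            return null;                // expired or not yet valid
        }
        // getSubjectX500Principal() is the non-deprecated form of getSubjectDN()
        String cn = commonName(certs[0].getSubjectX500Principal().getName());
        return (cn != null && ALLOWED_CNS.contains(cn)) ? cn : null;
    }

    /** Extracts the CN from an RFC 2253 DN; naive comma splitting breaks on escaped commas. */
    static String commonName(String dn) {
        try {
            for (Rdn rdn : new LdapName(dn).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) return String.valueOf(rdn.getValue());
            }
        } catch (InvalidNameException e) {
            // Malformed DN: treat it as having no CN.
        }
        return null;
    }

    /** Minimal HTML escaping for certificate fields echoed into a page. */
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static void main(String[] args) {
        // Constructed DNs; the second has an escaped comma inside the CN value.
        System.out.println(commonName("CN=alice,OU=Dev,O=Example"));
        System.out.println(commonName("CN=Smith\\, John,O=Example"));
        System.out.println(escapeHtml("CN=<b>x</b>,O=Example"));
    }
}
```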
