I think there is a request property for this.

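// The chain is exposed as a request attribute; getAttribute returns Object, so cast it
X509Certificate[] cert = (X509Certificate[])
    request.getAttribute("javax.servlet.request.X509Certificate");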

This property has an array of X509Certificates because you will be presented
with a certificate chain, not just a single certificate.

To forward this certificate to another request, I think you will need to do
the following:

1. Create a temporary keystore containing the client certificates
2. Create a KeyManagerFactory that uses this keystore
3. Create an SSLSocketFactory that uses your KeyManagerFactory
4. Set the default SSLSocketFactory for Https Url Connections

This is quite complicated, so maybe someone else knows a better way. I
reckon it should work though.

Regards,
    Andy


-----Original Message-----
From: Rodrigo Ruiz
To: Tomcat Users List
Sent: 21/11/2002 14:45
Subject: Retrieving SSL client certificates from the Request

Hi all,

Can I retrieve the SSL client certificate from an incoming request and use
it in another one?

Let me explain the background:

We have implemented a server that only accepts SOAP requests. The purpose of
this server is to act as a job dispatcher for a cluster of N machines. The
jobs to execute are defined by the users, so we designed it to have a public
API (accessed via SOAP calls), with which we can define jobs, upload
executable files and resources and control execution in the cluster.
Currently, it uses basic authentication for all connections, but we are
planning to pass to a two-way SSL authentication model in a short time.

Users access this server through different front-ends, ones more specialized
than others. Some of them are themselves web applications.

We want our front-end to capture the client certificate from a request, and
use it to authenticate itself in its calls to our SOAP server. We need this
capability, because each user can have different permissions, and we don't
want all connections through the front-end to be made with a common
certificate. Also, we want to avoid the need to "register" the clients in
our front-end, as it should act as a simple proxy to our soap service.

Is this possible from a servlet? We are now using Tomcat 3.3.1, and
migrating to 4.1.12 for client certificate authentication support.

Any help would be appreciated

--
GRIDSYSTEMS                    Rodrigo Ruiz Aguayo
Parc Bit - Son Espanyol        Analista Programador
07120 Palma de Mallorca        [EMAIL PROTECTED]
Baleares - España              Tel:+34-971435085
www.gridsystems.com            Fax:+34-971435082
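
Added example, not code from either message in this thread: it carries out the keystore and KeyManagerFactory steps listed in the reply and reports which aliases the resulting key manager would offer for TLS client authentication. The request attribute holds certificates only, so the keystore receives certificate entries without private keys, and a key manager offers only key entries as client credentials. The class name is hypothetical, and the chain is read from a PEM file supplied by the reader as a stand-in for the request attribute.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

// Hypothetical class name; added example, not code from the thread.
public class ForwardedCertCheck {
    // In-memory keystore from the received chain, then a KeyManagerFactory over it.
    static KeyManager[] keyManagersFor(X509Certificate[] chain) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start empty; nothing is written to disk
        for (int i = 0; i < chain.length; i++) {
            // The request supplies certificates only, so these are certificate
            // entries; a key entry would need the client's private key.
            ks.setCertificateEntry("client-" + i, chain[i]);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, new char[0]);
        return kmf.getKeyManagers();
    }

    // Aliases the key managers would offer when a server requests a client certificate.
    static List<String> usableClientAliases(KeyManager[] kms) {
        List<String> found = new ArrayList<>();
        for (KeyManager km : kms) {
            if (!(km instanceof X509KeyManager)) continue;
            for (String keyType : new String[] {"RSA", "EC", "DSA"}) {
                String[] aliases = ((X509KeyManager) km).getClientAliases(keyType, null);
                if (aliases != null) found.addAll(Arrays.asList(aliases));
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: PEM file with the chain, standing in for the request attribute.
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[0])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        KeyManager[] kms = keyManagersFor(chain.toArray(new X509Certificate[0]));
        System.out.println("certificates loaded: " + chain.size());
        System.out.println("client-auth aliases: " + usableClientAliases(kms));
    }
}
```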


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
