My problem was to retrieve the client certificate in my Jaas Login Module in order to verify that it matches with the client login (I only use remote EJB through HTTPS).
I've found a different way since I'm using a reverse proxy for the SSL part : 1. The reverse Proxy (NGINX) verify client certificate and put its DN in a HTTP Header 2. I've implemented a Valve that get this header value and put it in a ThreadLocal (and release it in destroyInternal) 3. Retrieve the client DN from the ThreadLocal 4. ... -- View this message in context: http://tomee-openejb.979440.n4.nabble.com/obtaining-the-principal-from-a-client-certificate-tp3318825p4675072.html Sent from the TomEE Users mailing list archive at Nabble.com.
