Hi all!

I'm developing a Java web service with client certificate security enabled. I don't want to add a parameter to each method with a user ID. Since the user is already authenticating through the SOAP header with his client certificate, is it possible to fetch the user data (common name, email, etc.) from his certificate?

Thanks!

A: 

Cast your java.security.cert.Certificate to java.security.cert.X509Certificate and check the methods you have available on it, like getSubjectDN().

Bozho
A: 

This is how you can retrieve the DN from the request:

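    import java.security.cert.X509Certificate;

    // "request" is the current HttpServletRequest.
    // The container stores the TLS client certificate chain in this attribute.
    Object certChain = request.getAttribute(
            "javax.servlet.request.X509Certificate");
    if (certChain != null) {
        X509Certificate[] certs = (X509Certificate[]) certChain;
        // Index 0 is the client's own certificate; the rest is its issuer chain.
        X509Certificate cert = certs[0];
        String n = cert.getSubjectDN().getName();
    }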

For this to work, you have to configure the HTTPS connector properly. If AJP is used, you have to configure the AJP connector so the certificate is passed from Apache to Tomcat.

ZZ Coder
Thanks for the reply! I had to stop working on this code, but I will come back here ASAP and try out your suggestions.
daigorocub
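
Getting from the subject DN to the individual fields the question asks for, as an added example that is not code from either answer: the DN is parsed with LdapName instead of being split on commas, and e-mail addresses are read from the subjectAltName extension. The class and method names are hypothetical, the sample DN is constructed, and it is an assumption that the issuing CA puts the e-mail address in subjectAltName rather than in the DN.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper class, not from the original answers.
public class ClientCertIdentity {
    // Most specific CN of the subject, or null when the DN has none.
    static String commonName(X500Principal subject) throws NamingException {
        // LdapName implements RFC 2253 parsing: escaped commas and
        // multi-valued RDNs ("CN=a+UID=b") survive, unlike String.split(",").
        LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
        List<Rdn> rdns = dn.getRdns(); // index 0 is the right-most RDN
        for (int i = rdns.size() - 1; i >= 0; i--) {
            Attribute cn = rdns.get(i).toAttributes().get("CN");
            if (cn != null) {
                return String.valueOf(cn.get());
            }
        }
        return null;
    }

    // rfc822Name entries (type 1) of the subjectAltName extension.
    static List<String> emailAddresses(X509Certificate cert)
            throws CertificateParsingException {
        List<String> emails = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return emails; // no subjectAltName extension
        for (List<?> san : sans) {
            if (Integer.valueOf(1).equals(san.get(0))) {
                emails.add((String) san.get(1));
            }
        }
        return emails;
    }

    public static void main(String[] args) throws Exception {
        // Constructed subject for the demo, not taken from a real certificate.
        X500Principal subject = new X500Principal(
                "CN=Doe\\, Jane,OU=Engineering,O=Example,C=US");
        System.out.println(commonName(subject));
    }
}
```

In the servlet, pass `certs[0].getSubjectX500Principal()` and `certs[0]` to these methods; `getSubjectX500Principal()` is the replacement the JDK documents for `getSubjectDN()`.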