views:

42

answers:

1

I want to access the "subjectDN" from the client-side certificate, i.e., fetch the user data (common name, email, etc) from the certificate, but am not interested in the authentication part.

If I would use a servlet, I understand that I can read the certificate sent in the request header using something like

(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");

However, in my restful web service I don't use Servlets - so I'm lacking access to the request header. The restful web service is written in Java using the Jersey framework. My GlassFish application server is properly configured for SSL.

Any thoughts on how to achieve this without using a Servlet? Any pragmatic alternative ways?

A: 

in jersey you can try @Context HttpServletRequest request as a argument to a resource method:

@GET
public Response getSomeView(@Context HttpServletRequest request){
     [here you have access to the request object]
}

hope that helped....

smeg4brains
Thanks a million - that's it.
Michael Schmidt