java client certificate authentication

Question

I implemented a strong authentication in a web server (apache) and it work great. but I want to implement a java class that have to compare cac ID and suject name to the ones presents on java .properties file or XML

Answer 1

Not sure about your deployment but for example if you need to do that from a servlet deployed in Tomcat you could do:

X509Certificate[] certs = (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");   

If the client has send certificates then certs will have them and you can do the check you need and possibly reject according to your needs.
Note that this will happen after the SSL handshake has finished.