Question

I'm using Spring Security 2.x's Preauthentication with X.509 certificates.

I get the certificateText via HttpServletRequest.getAttribute("CERTIFICATE").

Sometimes, the above call returns "" (empty). I believe it occurs when the HTTP session has expired.

What would explain why HttpServletRequest.getAttribute("CERT") returns empty?

EDIT In Kerberos, for example, the ticket is available in every HTTP request. Is the cert not always in X.509 HTTP requests?

Solution

  1. Please access the certificate using this code:
     X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
  2. The certificate is always populated in the request after successful client certificate authentication.

Ensure you support long certificate chains:

  1. Add the max_packet_size property to the worker.properties file:
     worker.ajp13w.max_packet_size=65536

  2. Add the packetSize property to the configuration of the AJP connector in the Tomcat configuration \conf\server.xml:
     <Connector port="8089" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" packetSize="65536"/>

Apache logs:

  - http://httpd.apache.org/docs/2.2/logs.html#accesslog
  - http://httpd.apache.org/docs/2.2/logs.html#errorlog
  - http://httpd.apache.org/docs/2.2/mod/core.html#loglevel
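
A defensive way to read the attribute named in the answer, shown as an added example (not code from the original post or from Spring Security): a servlet filter that fails closed when the certificate chain is missing, empty, or of an unexpected type, instead of passing an empty credential on to pre-authentication. The class name `ClientCertGuardFilter` and the helper `leafOf` are hypothetical, and the `javax.servlet` API is assumed to be on the classpath.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter name; not part of Spring Security or Tomcat.
public class ClientCertGuardFilter implements Filter {

    // Standard servlet attribute under which the container exposes the client chain.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    /** Returns the client's own certificate, or null if no usable chain is present. */
    static X509Certificate leafOf(Object attr) {
        if (!(attr instanceof X509Certificate[])) {
            return null; // attribute missing, or another type such as an empty String
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        // The servlet spec orders the chain so that element 0 is the client's certificate.
        return (chain.length == 0 || chain[0] == null) ? null : chain[0];
    }

    public void init(FilterConfig config) { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain next)
            throws IOException, ServletException {
        X509Certificate leaf = leafOf(req.getAttribute(CERT_ATTR));
        if (leaf == null) {
            // Fail closed: no certificate reached this request.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate required");
            return;
        }
        try {
            leaf.checkValidity(); // throws if expired or not yet valid
        } catch (CertificateException e) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate outside its validity period");
            return;
        }
        next.doFilter(req, res);
    }

    public void destroy() { }
}
```

Logging the rejected requests alongside the Apache access and error logs helps correlate missing certificates with chains that were not forwarded over AJP.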

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow