Question

I'm using Spring Security 2.x's Preauthentication with X.509 certificates.

I get the certificateText via HttpServletRequest.getAttribute("CERTIFICATE").

Sometimes, the above call returns "" (empty). I believe it occurs when the HTTP session has expired.

What would explain why HttpServletRequest.getAttribute("CERT") returns empty?

EDIT: In Kerberos, for example, the ticket is available in every HTTP request. Is the cert not always in X.509 HTTP requests?


Solution

  1. Please access the certificate using this code: X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
  2. The certificate is always populated in the request after successful client certificate authentication.

Ensure you support long certificate chains:

  1. Add the max_packet_size property to the worker.properties file: worker.ajp13w.max_packet_size=65536

  2. Add the packetSize property to the configuration of the Ajp connector in the Tomcat configuration \conf\server.xml: <Connector port="8089" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" packetSize="65536"/>

Apache logs: http://httpd.apache.org/docs/2.2/logs.html#accesslog http://httpd.apache.org/docs/2.2/logs.html#errorlog http://httpd.apache.org/docs/2.2/mod/core.html#loglevel
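The attribute lookup from the answer above, wrapped in a servlet filter that fails closed and logs when the certificate is missing, so an empty result is visible instead of silently reaching the authentication code. This is an added example, not code from the original answer; the class name `ClientCertGuardFilter` and the 403 policy are assumptions.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: name and rejection policy are assumptions, not from the answer.
public class ClientCertGuardFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(ClientCertGuardFilter.class.getName());
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        Object attr = request.getAttribute(CERT_ATTR);
        // The attribute is null when no client certificate reached the container,
        // e.g. TLS client auth was not performed or the front end did not forward it.
        if (!(attr instanceof X509Certificate[]) || ((X509Certificate[]) attr).length == 0) {
            LOG.warning("No client certificate on request, secure=" + request.isSecure());
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        X509Certificate[] certs = (X509Certificate[]) attr;
        try {
            certs[0].checkValidity(); // certs[0] is the client's own certificate
        } catch (CertificateException e) { // expired or not yet valid
            LOG.warning("Rejected certificate: " + certs[0].getSubjectX500Principal().getName());
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate not valid");
            return;
        }
        LOG.fine("Client cert subject=" + certs[0].getSubjectX500Principal().getName()
                + " chainLength=" + certs.length);
        chain.doFilter(req, res);
    }
}
```

Register it ahead of the Spring Security filter chain so a missing certificate is rejected and logged before pre-authentication runs.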

License: CC-BY-SA with attribution
Not affiliated with StackOverflow