Spring Security X.509 Preauth

StackOverflow https://stackoverflow.com/questions/16462300

Вопрос

I'm using Spring Security 2.x's Preauthentication with X.509 certificates.

I get the certificateText via HttpServletRequest.getAttribute("CERTIFICATE").

Sometimes, the above call returns "" (empty). I believe it occurs when the HTTP session has expired.

What would explain why HttpServletRequest.getAttribute("CERT") returns empty?

EDIT In Kerberos, for example, the ticket is available in every HTTP request. Is the cert not always in X.509 HTTP requests?

Это было полезно?

Решение

  1. Please access to certificate using this code: X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
  2. Certificate is always populated to request after successful client certificate authentication.

Ensure your support long certificate chain:

  1. Add the max_packet_size propery to the worker.properties file worker.ajp13w.max_packet_size=65536

  2. Add the packetSize propery to the configuration of Ajp connector in the Tomcat configuration \conf\server.xml <Connector port="8089" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" packetSize="65536"/>

Apache logs: http://httpd.apache.org/docs/2.2/logs.html#accesslog http://httpd.apache.org/docs/2.2/logs.html#errorlog http://httpd.apache.org/docs/2.2/mod/core.html#loglevel

Лицензировано под: CC-BY-SA с атрибуция
Не связан с StackOverflow
scroll top