2 Replies Latest reply on May 30, 2008 10:42 AM by rmihns

    Feature Request: Accessing SSL Cerficate in Request - Please

    rmihns
    rmihns May 27, 2008 5:18 PM

      I need to access the SSL certificate sent in the request in my J2EE application. I need this capability both for (redundant) security purposes and so that I can use the certificate to forward requests to other web services.

      Currently, I receive the following SSL attributes in my requests:

      javax.servlet.request.cipher_suite
      javax.servlet.request.key_size
      javax.servlet.request.ssl_session

      I'd like access to javax.servlet.request.X509Certificate in the request.

      I know this is possible by configuring Apache to run in front of Tomcat using mod_jk. However, I'd really like to avoid having to do this.

      Is there any way to configure JBoss to pass this attribute in the request header? If not, is this something we can add to the next version of JBoss Web Server? It seems like it would be pretty simple to implement. I am even willing to implement this contribution if possible.

      I really appreciate any insight anyone might have regarding this issue.

      Sincerely,

      Michael

      • 59637 Views
      • Tags:
        • 1. Re: Feature Request: Accessing SSL Cerficate in Request - Pl
          mladen.turk
          mladen.turk May 30, 2008 12:05 AM (in response to rmihns)

          Hmm,

          Http11Processor sets the javax.servlet.request.X509Certificate attribute.
          Can you point out to the code where the support is missing?

            • Actions
          • 2. Re: Feature Request: Accessing SSL Cerficate in Request - Pl
            rmihns
            rmihns May 30, 2008 10:42 AM (in response to rmihns)

            You're correct, I noticed it was in the code as well.

            However, I'm not receiving it in the request in JBoss Application Server 4.2.2.GA. Can you confirm that it is supported in this version of JBoss? If it is supported, is there there anything I need to add in server.xml for the certificate to appear? Like I said, I have SSL working and I currently receive the three attributes I mentioned in my previous post, but I'm just not receiving the x509Certificate.

            Thanks for your help, I really appreciate it!

              • Actions