2 Replies Latest reply on May 13, 2004 12:46 PM by Carolyn Cole

    Custom Login using SSL

    Carolyn Cole Newbie

      Hello,

      Is there any way to get access to the X509 certificates passed in SSL in a Custom Login Module?

      I am trying to verify a user using the certificate DN as the username that I can then use to look up information about the user in an LDAP server.

      Thanks for any help you can give me!

      -- Carolyn

        • 1. Re: Custom Login using SSL
          Rolf Arne Corneliussen Newbie

          Here is a method you could use inside a login module. It assumes you extend the AbstractServerLoginModule.

          private Object[] getLoginInfo() throws LoginException {
          
           if (callbackHandler == null) {
           log.warn("No callbackHandler available");
           throw new LoginException(
           "Error: no CallbackHandler available " + "to collect authentication information");
           }
           String username = null;
           X509Certificate[] certs = null;
           NameCallback nc = new NameCallback("username");
           ObjectCallback oc = new ObjectCallback("certs");
           Callback[] callbacks = { nc, oc };
           try {
           callbackHandler.handle(callbacks);
           username = nc.getName();
          
           Object credential = oc.getCredential();
           if (credential == null || !(credential instanceof X509Certificate[])) {
           log.debug("No X509Certficate chain");
           throw new LoginException("No X509Certficate chain");
           }
           certs = (X509Certificate[]) credential;
           } catch (java.io.IOException ioe) {
           throw new LoginException(ioe.toString());
           } catch (UnsupportedCallbackException uce) {
           throw new LoginException("CallbackHandler does not support: " + uce.getCallback());
           }
           return new Object[] { username, certs };
           }
          



          • 2. Re: Custom Login using SSL
            Carolyn Cole Newbie

            Thanks so much!

            Your code worked perfectly!

            -- Carolyn