How to get the certificate into the X509 filter (Spring Security)?

前端未结

关注

 2  454

I need to extract more information than just the CN of the certificate. Currently, I only get the standard UserDetails loadUserByUsername(String arg) where arg is the CN of the

相关标签:

2条回答

一整个雨季

2021-01-22 12:49
No you can't get it that way. You need to grab it from the HttpServletRequest:
```
X509Certificate[] certs = (X509Certificate[])HttpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
```
0 讨论(0)
发布评论:

提交评论
- 加载中...

你的背包

2021-01-22 12:52

It is also worth noting that once you are authorized by the in-built X509AuthenticationFilter of Spring Security as it has accepted your certificate, then you can access the X509Certificate as

Object object = SecurityContextHolder.getContext().getAuthentication().getCredentials();
if (object instanceof X509Certificate)
{
    X509Certificate x509Certificate = (X509Certificate) object;
    //convert to bouncycastle if you want
    X509CertificateHolder x509CertificateHolder =
        new X509CertificateHolder(x509Certificate.getEncoded());
    ...

0 讨论(0)