Sun Java System Web Server 7.0 Update 8 Developer's Guide to Java Web Applications

Previous: User Authorization by Servlets
Next: Using Web Services Message Security

Fetching the Client Certificate

When you enable SSL and require client certificate authorization, your servlets have access to the client certificate as shown in the following example:

if (request.isSecure()) {
         java.security.cert.X509Certificate[] certs;
         certs = request.getAttribute("javax.servlet.request.X509Certificate");
        if (certs != null) {
            clientCert = certs[0];
            if (clientCert != null) {
               // Get the Distinguised Name for the user.
               java.security.Principal userDN = clientCert.getSubjectDN();
               ...
            }
         }
      }

The userDn is the fully qualified distinguished name for the user.

Previous: User Authorization by Servlets
Next: Using Web Services Message Security