Fetching the Client Certificate

When you enable SSL and require client certificate authorization, your servlets have access to the client certificate as shown in the following example:

if (request.isSecure()) {
         java.security.cert.X509Certificate[] certs;
         certs = request.getAttribute("javax.servlet.request.X509Certificate");
        if (certs != null) {
            clientCert = certs[0];
            if (clientCert != null) {
               // Get the Distinguised Name for the user.
               java.security.Principal userDN = clientCert.getSubjectDN();
               ...
            }
         }
      }

The userDn is the fully qualified distinguished name for the user.

Previous: User Authorization by Servlets
Next: Using Web Services Message Security