我需要提取更多的信息,而不僅僅是證書的CN。目前,我只獲得標準的UserDetails loadUserByUsername(String arg),其中arg是證書的CN。我需要獲取X509Certificate對象。可能嗎?如何將證書放入X509過濾器(Spring Security)?
春安全XML文件:
<x509 subject-principal-regex="CN=(.*?)," user-service-ref="myUserDetailsService" />
我需要提取更多的信息,而不僅僅是證書的CN。目前,我只獲得標準的UserDetails loadUserByUsername(String arg),其中arg是證書的CN。我需要獲取X509Certificate對象。可能嗎?如何將證書放入X509過濾器(Spring Security)?
春安全XML文件:
<x509 subject-principal-regex="CN=(.*?)," user-service-ref="myUserDetailsService" />
不,你不能得到它的方式。您需要將來自HttpServletRequest抓住它:
X509Certificate[] certs = (X509Certificate[])HttpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
還值得一提的是,一旦你被授權內置的Spring Security
X509AuthenticationFilter
,因爲它已經接受了你的證書,那麼你就可以訪問X509Certificate
爲
Object object = SecurityContextHolder.getContext().getAuthentication().getCredentials();
if (object instanceof X509Certificate)
{
X509Certificate x509Certificate = (X509Certificate) object;
//convert to bouncycastle if you want
X509CertificateHolder x509CertificateHolder =
new X509CertificateHolder(x509Certificate.getEncoded());
...
如果你打印出'cert [0] .toString()',那麼證書應該以'---- BEGIN CERTIFICATE ---- ....'開頭,最後是---- ---- END CERTIFICATE -----'? – 2013-05-09 18:46:28