I cross posted this question, but with more detail, to the Hudson group, as that was the webapp in question.
http://www.nabble.com/How-to-login-to-Hudson-with-a-certificate-td22826800r0.html (set your rating filter to 0 to see all the posts).
End result -- I was able to get the webapp working by wrapping the request object and overriding the principal object that was being sent. I don't think this is necessarily the best approach to this. Does anybody else have suggestions?
Here is what I did:
"As per topher1120's suggestion, I have created a working version of what I need. I ended up creating CertServletFilter, CertHttpServletRequestWrapper, and CertPrincipal classes. The servlet filter extracts the email address from the X509 cert, and passes the email address and original request to the constructor of the request wrapper. The wrapper creates a Principal object and passes it the email address. I override the getName() method of Principal to return the email address. I override the getUserPrincipal() method of the RequestWrapper to return the CertPrincipal. Now when I go to any hudson page, my email address shows up automatically in the login area."
Thanks,
John
[Message sent by forum member 'warrior389' (warrior389)]
http://forums.java.net/jive/thread.jspa?messageID=340989