users@grizzly.java.net

Re: SSL Layer and Principals

From: Alaska <bagirin_at_gmx.de>
Date: Thu, 20 Aug 2009 07:45:53 -0700 (PDT)

Hello Alexey,

it seems to work now!
I made an own SSLFilter (extends SSLReadFilter) from where I can get the
SSLEngine + Principals.
Thank you very much for your support!

best regards,
alaska




Alaska wrote:
>
> Hello Alexey,
>
> i"ve just checked it up, the flag is set...
> however the error occurs...
>
> thank you,
> alaska
>
>
>
>
> Oleksiy Stashok wrote:
>>
>> Hi Alaska,
>>
>> I'm not big security expert :)
>> Just guess, you need to set flag, that you require client
>> authentication.
>> sslReadFilter.setNeedClientAuth(true);
>>
>> WBR,
>> Alexey.
>>
>>
>> On Aug 20, 2009, at 13:00 , Alaska wrote:
>>
>>>
>>> Hello Alexey,
>>>
>>> How can I get the principal from the client certificate?
>>> i tried something like:
>>>
>>> SSLEngine engine = ((WorkerThread)
>>> Thread.currentThread()).getSSLEngine();
>>>
>>> SSLSession session = engine.getSession();
>>>
>>> session.getPeerPrincipal();
>>>
>>> and I get the error:
>>>
>>>
>>> run:
>>> truststore file has been set
>>> keystoreUrl file has been set
>>> Aug 20, 2009 12:56:39 PM com.sun.grizzly.Controller start
>>> INFO: Starting Grizzly Framework 1.9.18-M1 - Thu Aug 20 12:56:39
>>> CEST 2009
>>> startBuffer
>>> startBuffer
>>> request GET / HTTP/1.1
>>> Host: localhost:1080
>>>
>>> Aug 20, 2009 12:56:45 PM com.sun.grizzly.DefaultProtocolChain
>>> executeProtocolFilter
>>> SEVERE: ProtocolChain exception
>>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>> postExecute RequestControllerFilter
>>> at
>>> com
>>> .sun
>>> .net
>>> .ssl
>>> .internal.ssl.SSLSessionImpl.getPeerPrincipal(SSLSessionImpl.java:471)
>>>
>>> Thank you!
>>> best regards,
>>> alaska
>>> --
>>> View this message in context:
>>> http://www.nabble.com/SSL-Layer-and-Principals-tp25059961p25059961.html
>>> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>>
>>
>>
>
> 

-- 
View this message in context: http://www.nabble.com/SSL-Layer-and-Principals-tp25059961p25063517.html
Sent from the Grizzly - Users mailing list archive at Nabble.com.
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.