users@grizzly.java.net

Re: SSL Layer and Principals

From: Oleksiy Stashok <Oleksiy.Stashok_at_Sun.COM>
Date: Thu, 20 Aug 2009 16:51:14 +0200

Hi Alaska,

you must share how you did that :))))
What is the diff with regular SSLReadFilter?

Thanks.

WBR,
Alexey.

On Aug 20, 2009, at 16:45 , Alaska wrote:

>
> Hello Alexey,
>
> it seems to work now!
> I made an own SSLFilter (extends SSLReadFilter) from where I can get
> the
> SSLEngine + Principals.
> Thank you very much for your support!
>
> best regards,
> alaska
>
>
>
>
> Alaska wrote:
>>
>> Hello Alexey,
>>
>> i"ve just checked it up, the flag is set...
>> however the error occurs...
>>
>> thank you,
>> alaska
>>
>>
>>
>>
>> Oleksiy Stashok wrote:
>>>
>>> Hi Alaska,
>>>
>>> I'm not big security expert :)
>>> Just guess, you need to set flag, that you require client
>>> authentication.
>>> sslReadFilter.setNeedClientAuth(true);
>>>
>>> WBR,
>>> Alexey.
>>>
>>>
>>> On Aug 20, 2009, at 13:00 , Alaska wrote:
>>>
>>>>
>>>> Hello Alexey,
>>>>
>>>> How can I get the principal from the client certificate?
>>>> i tried something like:
>>>>
>>>> SSLEngine engine = ((WorkerThread)
>>>> Thread.currentThread()).getSSLEngine();
>>>>
>>>> SSLSession session = engine.getSession();
>>>>
>>>> session.getPeerPrincipal();
>>>>
>>>> and I get the error:
>>>>
>>>>
>>>> run:
>>>> truststore file has been set
>>>> keystoreUrl file has been set
>>>> Aug 20, 2009 12:56:39 PM com.sun.grizzly.Controller start
>>>> INFO: Starting Grizzly Framework 1.9.18-M1 - Thu Aug 20 12:56:39
>>>> CEST 2009
>>>> startBuffer
>>>> startBuffer
>>>> request GET / HTTP/1.1
>>>> Host: localhost:1080
>>>>
>>>> Aug 20, 2009 12:56:45 PM com.sun.grizzly.DefaultProtocolChain
>>>> executeProtocolFilter
>>>> SEVERE: ProtocolChain exception
>>>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>>> postExecute RequestControllerFilter
>>>> at
>>>> com
>>>> .sun
>>>> .net
>>>> .ssl
>>>> .internal.ssl.SSLSessionImpl.getPeerPrincipal(SSLSessionImpl.java:
>>>> 471)
>>>>
>>>> Thank you!
>>>> best regards,
>>>> alaska
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/SSL-Layer-and-Principals-tp25059961p25059961.html
>>>> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>>>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>>>
>>>
>>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/SSL-Layer-and-Principals-tp25059961p25063517.html
> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.