users@grizzly.java.net

Re: accessing SSLEngine on per-request? (jersey related)

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Wed, 07 Oct 2009 13:32:31 +0200

On Oct 7, 2009, at 1:12 PM, Zoltan Arnold NAGY wrote:

> Thanks Oleksiy and Paul, it works like a charm. See the code below
> how I extract data from the cert.
>
> On a theoretical level - what do you think about using client side
> certificates, signed by the server acting as a CA, as a
> way of authentication?
>

I think there could be something in it.

Do you know about foaf+ssl ?

   http://blogs.sun.com/bblfish/entry/foaf_ssl_creating_a_global

Perhaps you could experiment with foaf+ssl too?

CC'ing Henry.

Paul.

> The user must possess the private key, and if he does, I can be sure
> who he is. And I can check the certificate 'cause
> I'm the CA on the server side :-)
>
> --
>
> So just to sum it up for the archives:
>
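> import java.security.cert.X509Certificate;
> import javax.net.ssl.SSLPeerUnverifiedException;
> import javax.net.ssl.SSLSession;
> import javax.security.auth.x500.X500Principal;
> import javax.ws.rs.WebApplicationException;
> import javax.ws.rs.core.Response;
> import com.sun.jersey.spi.container.ContainerRequest;
> import com.sun.jersey.spi.container.ContainerRequestFilter;
>
> public class SecurityFilter implements ContainerRequestFilter {
>     public ContainerRequest filter(ContainerRequest request) {
>         SSLSession session = ((com.sun.grizzly.util.WorkerThread)
>                 Thread.currentThread()).getSSLEngine().getSession();
>         try {
>             // Peer chain = what the client presented; the local chain is the server's own.
>             X509Certificate cert = (X509Certificate) session.getPeerCertificates()[0];
>             // Subject identifies the client; the issuer would only name the CA.
>             X500Principal principal = cert.getSubjectX500Principal();
>             // extract data from principal, etc.
>             return request;
>         } catch (SSLPeerUnverifiedException e) { // no client certificate presented
>             throw new WebApplicationException(Response.Status.UNAUTHORIZED);
>         }
>     }
> }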
>
> and we need to attach this filter to jersey, before adding its
> adapter to GWS:
> [..]
>
> jerseyAdapter.addInitParameter(
>         ResourceConfig.PROPERTY_CONTAINER_REQUEST_FILTERS,
>         SecurityFilter.class.getName());
> webServer.addGrizzlyAdapter(jerseyAdapter, new String[]{"/"});
>
>
> Thanks everyone,
> Zoltan
>
> Paul Sandoz wrote:
>>
>> On Oct 7, 2009, at 10:50 AM, Oleksiy Stashok wrote:
>>
>>> Hi Zoltan,
>>>
>>> please try the following:
>>>
>>> ((com.sun.grizzly.util.WorkerThread)
>>> Thread.currentThread()).getSSLEngine();
>>>
>> and see the following sample for using Jersey with SSL+Grizzly:
>>
>> http://download.java.net/maven/2/com/sun/jersey/samples/https-clientserver-grizzly/1.1.3-ea/https-clientserver-grizzly-1.1.3-ea-project.zip
>>
>> If you look in there it is doing some funky stuff in a filter
>> setting the SecurityContext. You can provide your own
>> implementation to extract stuff from the WorkerThread.
>>
>> Paul.
>>
>>> Hope this will help.
>>>
>>> WBR,
>>> Alexey.
>>>
>>> On Oct 6, 2009, at 23:39 , Zoltan Arnold NAGY wrote:
>>>
>>>> Hello everyone,
>>>>
>>>> I'm trying to implement authentication using client-side ssl
>>>> certificates with Grizzly, running
>>>> latest Jersey to serve RESTful content.
>>>>
>>>> The SSL stuff works fine, but for authorization to be able to
>>>> occur, I'd need to get the
>>>> SubjectDN from the SSLEngine's Session.
>>>>
>>>> Is there a way to get that inside a Jersey request?
>>>>
>>>> Maybe I could insert my own class before each (jersey's) adapter
>>>> call, and pass
>>>> it on, somehow?
>>>>
>>>> Any pointers are welcome.
>>>>
>>>> Thanks,
>>>> Zoltan
>>>>
>>>>
>>>> __________ Information from ESET Smart Security, version of virus
>>>> signature database 4485 (20091006) __________
>>>>
>>>> The message was checked by ESET Smart Security.
>>>>
>>>> http://www.eset.com
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>>>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>
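
An added example, not code from this thread or from the Jersey sample it links to: a Jersey 1.x request filter that takes the client's leaf certificate from the Grizzly WorkerThread's SSL session and publishes its subject DN as the request's SecurityContext, the approach Paul points to above. The class name ClientCertSecurityContextFilter, the null-engine check and the empty role mapping are assumptions.

```java
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import com.sun.grizzly.util.WorkerThread;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;

// Hypothetical filter name; not part of Jersey or Grizzly.
public class ClientCertSecurityContextFilter implements ContainerRequestFilter {

    public ContainerRequest filter(ContainerRequest request) {
        SSLEngine engine = ((WorkerThread) Thread.currentThread()).getSSLEngine();
        if (engine == null) {
            // Defensive check (assumption: no engine on a non-TLS connection).
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        final Principal subject;
        try {
            // getPeerCertificates() is the chain the client presented, leaf first;
            // getLocalCertificates() would be this server's own chain.
            X509Certificate leaf =
                    (X509Certificate) engine.getSession().getPeerCertificates()[0];
            subject = leaf.getSubjectX500Principal();
        } catch (SSLPeerUnverifiedException e) {
            // The handshake completed without a client certificate.
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        // Resources can now read the caller through @Context SecurityContext.
        request.setSecurityContext(new SecurityContext() {
            public Principal getUserPrincipal() { return subject; }
            // Assumption: no role model yet; map subject DNs to roles here.
            public boolean isUserInRole(String role) { return false; }
            public boolean isSecure() { return true; }
            public String getAuthenticationScheme() {
                return SecurityContext.CLIENT_CERT_AUTH;
            }
        });
        return request;
    }
}
```

It is registered the same way as the filter in the thread, through ResourceConfig.PROPERTY_CONTAINER_REQUEST_FILTERS.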