users@jersey.java.net

[Jersey] Re: Server-side access control using client's X509 certificate DN

From: Jakub Podlesak <jakub.podlesak_at_oracle.com>
Date: Wed, 18 Mar 2015 10:24:16 +0100

Hi John,

You should be able to get Grizzly request (https://grizzly.java.net/docs/2.3/apidocs/org/glassfish/grizzly/http/server/Request.html <https://grizzly.java.net/docs/2.3/apidocs/org/glassfish/grizzly/http/server/Request.html>)
injected into your filter. I am not sure if there is a possibility to get desired information from there, but you could ask help
at the Grizzly mailing list: https://grizzly.java.net/mailing.html <https://grizzly.java.net/mailing.html>

CCing Oleksiy just in case.

~Jakub


> On 18 Mar 2015, at 05:35, John MacAuley <john_at_blackacorn.ca> wrote:
>
> Peoples,
>
> I using JAX-RS with Jersey 2.17 and Grizzly as my HTTP server. I have client authentication configured and working, however, I am attempting to implement access control on the client's X.509 certificate DN. This will give me equivalent capabilities to what I have with Apache httpd and FakeBasicAuth configured.
>
> I have attempted to use a ContainerRequestFilter but can seem to find a way to get a reference to the client's DN associated with the TLS session. Can someone show me a way to get access to the certificate with the ContainerRequestFilter or any other mechanism for achieving the same end goal?
>
> Thank you!
> John