users@jersey.java.net

[Jersey] Re: Server-side access control using client's X509 certificate DN

From: Jakub Podlesak <jakub.podlesak_at_oracle.com>
Date: Mon, 23 Mar 2015 13:43:14 +0100

Hi John,

I am happy to hear that.

And thanks for sharing your solution with others!

Cheers,

~Jakub

> On 18 Mar 2015, at 17:32, John MacAuley <john_at_blackacorn.ca> wrote:
>
> Thanks Jakub,
>
> That worked for me. Here is the example code.
>
> import java.security.Principal;
>
> import javax.ws.rs.container.ContainerRequestContext;
> import javax.ws.rs.container.ContainerRequestFilter;
> import javax.ws.rs.container.PreMatching;
> import javax.ws.rs.ext.Provider;
>
> import org.slf4j.Logger;
> import org.slf4j.LoggerFactory;
>
> @Provider
> @PreMatching
> public class SecurityFilter implements ContainerRequestFilter {
>     private final Logger log = LoggerFactory.getLogger(getClass());
>
>     // Jersey injects the underlying Grizzly request for the current call.
>     @javax.inject.Inject
>     private javax.inject.Provider<org.glassfish.grizzly.http.server.Request> request;
>
>     @Override
>     public void filter(ContainerRequestContext filterContext) {
>         if (request != null) {
>             // getUserPrincipal() returns null when no principal is associated with the request.
>             Principal principal = request.get().getUserPrincipal();
>             if (principal != null) {
>                 log.debug("User principal: " + principal.getName());
>             }
>         }
>     }
> }
>
> John
>
> On 2015-03-18, at 5:24 AM, Jakub Podlesak <jakub.podlesak_at_oracle.com> wrote:
>
>> Hi John,
>>
>> You should be able to get the Grizzly request (https://grizzly.java.net/docs/2.3/apidocs/org/glassfish/grizzly/http/server/Request.html)
>> injected into your filter. I am not sure if there is a possibility to get the desired information from there, but you could ask for help
>> at the Grizzly mailing list: https://grizzly.java.net/mailing.html
>>
>> CCing Oleksiy just in case.
>>
>> ~Jakub
>>
>>
>>> On 18 Mar 2015, at 05:35, John MacAuley <john_at_blackacorn.ca> wrote:
>>>
>>> Peoples,
>>>
>>> I am using JAX-RS with Jersey 2.17 and Grizzly as my HTTP server. I have client authentication configured and working; however, I am attempting to implement access control on the client's X.509 certificate DN. This will give me equivalent capabilities to what I have with Apache httpd and FakeBasicAuth configured.
>>>
>>> I have attempted to use a ContainerRequestFilter but can't seem to find a way to get a reference to the client's DN associated with the TLS session. Can someone show me a way to get access to the certificate with the ContainerRequestFilter or any other mechanism for achieving the same end goal?
>>>
>>> Thank you!
>>> John
>>
>
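
Added example (not part of the original thread, and not Jersey or Grizzly project code): the filter above only logs the principal, so this sketch carries it through to the access-control decision the original question asked for. It assumes, as in John's message, that the injected Grizzly request's user principal name is the client certificate's subject DN; the class name DnAccessControlFilter and the DNs in ALLOWED_DNS are constructed for illustration.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

@Provider
@PreMatching
public class DnAccessControlFilter implements ContainerRequestFilter {
    // Constructed sample DNs; a real deployment would load these from configuration.
    private static final String[] ALLOWED_DNS = {
        "CN=client-a.example.org,OU=Services,O=Example,C=CA",
        "CN=client-b.example.org,OU=Services,O=Example,C=CA"
    };
    private final Set<LdapName> allowed = new HashSet<>();

    @javax.inject.Inject
    private javax.inject.Provider<org.glassfish.grizzly.http.server.Request> request;

    public DnAccessControlFilter() throws InvalidNameException {
        for (String dn : ALLOWED_DNS) {
            allowed.add(new LdapName(dn)); // store the parsed form, not the raw string
        }
    }

    @Override
    public void filter(ContainerRequestContext ctx) {
        Principal principal = (request == null) ? null : request.get().getUserPrincipal();
        if (principal == null || !isAllowed(principal.getName())) {
            // Fail closed: no certificate principal, or a DN that is not on the list.
            ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
        }
    }

    // LdapName.equals() compares RDN by RDN, ignoring case and surrounding whitespace.
    boolean isAllowed(String dn) {
        try {
            return allowed.contains(new LdapName(dn));
        } catch (InvalidNameException e) {
            return false; // an unparseable DN is treated as not authorised
        }
    }
}
```

Comparing parsed LdapName values rather than raw strings keeps the check from depending on the spacing or letter case the TLS stack happens to use when it renders the DN.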