6

I need to extract more information than just the CN of the certificate. Currently, I only get the standard UserDetails loadUserByUsername(String arg) where arg is the CN of the certificate. I need to get the X509Certificate object. Is it possible?

In the Spring Security XML file:

<x509 subject-principal-regex="CN=(.*?),"  user-service-ref="myUserDetailsService" />
imambenjol

2 Answers

6

No you can't get it that way. You need to grab it from the HttpServletRequest:

// request is the current HttpServletRequest instance (getAttribute is not static)
X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
Gandalf
  • If you print out `cert[0].toString()`, should the cert begin with something like `---- BEGIN CERTIFICATE ---- ....` and end with `---- END CERTIFICATE -----`? – Kevin Meredith May 09 '13 at 18:46
1

It is also worth noting that once you are authorized by the in-built X509AuthenticationFilter of Spring Security, as it has accepted your certificate, you can access the X509Certificate as:

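import java.security.cert.X509Certificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.springframework.security.core.context.SecurityContextHolder;

// The X.509 filter stores the client certificate as the Authentication's credentials
Object object = SecurityContextHolder.getContext().getAuthentication().getCredentials();
if (object instanceof X509Certificate)
{
    X509Certificate x509Certificate = (X509Certificate) object;
    // convert to Bouncy Castle if you want (the constructor throws IOException,
    // getEncoded() throws CertificateEncodingException)
    X509CertificateHolder x509CertificateHolder =
        new X509CertificateHolder(x509Certificate.getEncoded());
    ...
}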
EpicPandaForce
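Once the X509Certificate is in hand by either route above, the fields beyond the CN can be read with the JDK alone. The following is an added example, not code from either answer; the class and method names (CertFields, subjectAttributes, toPem) are hypothetical, and it assumes the first command-line argument is the path to a certificate file of your own. It parses the subject DN with LdapName instead of a regex and shows that the PEM form comes from getEncoded(), while toString() only gives a human-readable dump.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CertFields {

    /** Subject attributes by type (CN, OU, O, ...), parsed as an RFC 2253 name, not by regex. */
    static Map<String, String> subjectAttributes(X509Certificate cert) throws Exception {
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        Map<String, String> attrs = new LinkedHashMap<>();
        for (Rdn rdn : dn.getRdns()) {
            Object value = rdn.getValue();
            // Attribute types the JDK has no keyword for come back as raw bytes; skip them here.
            if (value instanceof String) {
                // If a type repeats (for example several OUs), keep the first one seen.
                attrs.putIfAbsent(rdn.getType().toUpperCase(), (String) value);
            }
        }
        return attrs;
    }

    /** PEM text is the Base64 of the DER encoding between the BEGIN/END markers. */
    static String toPem(X509Certificate cert) throws Exception {
        String body = Base64.getMimeEncoder(64, "\n".getBytes()).encodeToString(cert.getEncoded());
        return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n";
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the path to a PEM or DER certificate file.
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println("subject  = " + subjectAttributes(cert));
            System.out.println("issuer   = " + cert.getIssuerX500Principal().getName());
            System.out.println("serial   = " + cert.getSerialNumber().toString(16));
            System.out.println("notAfter = " + cert.getNotAfter());
            // null when the certificate carries no subjectAltName extension
            System.out.println("SANs     = " + cert.getSubjectAlternativeNames());
            System.out.print(toPem(cert));
        }
    }
}
```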