spring - 如何将证书放入 X509 过滤器（Spring Security）？

Question

我需要提取更多信息，而不仅仅是证书的 CN。目前，我只得到标准的 UserDetails loadUserByUsername(String arg) 其中 arg 是证书的 CN。我需要获取 X509Certificate 对象。可能吗？

在 Spring Security xml 文件中：

<x509 subject-principal-regex="CN=(.*?),"  user-service-ref="myUserDetailsService" />

score 4 · Accepted Answer

不，你不能那样做。您需要从 HttpServletRequest 中获取它：

X509Certificate[] certs = (X509Certificate[])HttpServletRequest.getAttribute("javax.servlet.request.X509Certificate");

score 1 · Accepted Answer

还值得注意的是，一旦您获得了内置 as 的授权，X509AuthenticationFilter它Spring Security已经接受了您的证书，那么您就可以访问X509Certificateas

Object object = SecurityContextHolder.getContext().getAuthentication().getCredentials();
if (object instanceof X509Certificate)
{
    X509Certificate x509Certificate = (X509Certificate) object;
    //convert to bouncycastle if you want
    X509CertificateHolder x509CertificateHolder =
        new X509CertificateHolder(x509Certificate.getEncoded());
    ...

spring - 如何将证书放入 X509 过滤器（Spring Security）？

2 回答 2

Related

Reference