Determine SSL Client Identity from Application - Weblogic

This is a discussion on Determine SSL Client Identity from Application - Weblogic ; Hi, I have an application running on WLS 8.1 which is configured for 2 Way SSL. When a client connects to my server they have to present their Certificate as part of making the connection. I will have several SSL ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Determine SSL Client Identity from Application

  1. Determine SSL Client Identity from Application

    Hi,

    I have an application running on WLS 8.1 which is configured for 2 Way SSL. When a client connects to my server they have to present their Certificate as part of making the connection.

    I will have several SSL clients and each have been assigned their own indiviudal business level identities and I want to ensure that one isn't trying to pretend to be the other.

    I would therefore like to be able to access their certificate from the application in order to determine their credentials from it and check that they have also sent in the expected business level identity.

    Is there an API I can use to do this or some other means?

    Thanks,
    Alan

  2. Re: Determine SSL Client Identity from Application

    If you are invoking a servlet, you can get the credentials from the HTTPServletRequest.getUserPrincipal method. If you are invoking an EJB, you can get the credentials from the SessionContext.getCallerPrincipal method.

    Eric

  3. Re: Determine SSL Client Identity from Application

    The client is submitting a message directly to a JMS queue rather than to an EJB/Servlet and MDB's are not allowed to call getCallerPrincipal. So in our approach the client context is lost. Unless there is a way to do this in JMS it looks like the client would need to call an EJB instead to enable the querying of their credentials.

    Thanks,
    Alan

+ Reply to Thread