June 26, 2016

How JBoss EAP 6 Recieves Client Certificate with CLIENT-CERT

When you configure you web application with client certificate authentication.

The jbossweb/catalina valve is receiving the client certificate by:
org.apache.catalina.authenticator.SSLAuthenticator#authenticate(Request, HttpServletResponse, LoginConfig)

org.apache.catalina.connector.Request#getCertificateChain()

org.apache.catalina.CERTIFICATES_ATTR

Reference from JBoss EAP 6.4 and http://maven.repository.redhat.com/techpreview/all/org/jboss/web/jbossweb/7.5.7.Final-redhat-1/jbossweb-7.5.7.Final-redhat-1-sources.jar.

No comments: