Redirect client certificates from Apache to Tomcat

I am trying to transfer the x509 client certificate (I have a test certificate installed in my browser) from the Apache web server (SSL) to the Tomcat application. The way I have configured it right now, the certificate is not found (hence not redirected) by the Spring application.

DEBUG: [http-8080-1]  org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter - No client certificate found in request.

The Apache server file is ssl.conf, configured as follows (I skipped the non-essential parts):

LoadModule ssl_module modules/mod_ssl.so

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

NameVirtualHost *:443

<VirtualHost *:443>

    ...

    SSLVerifyClient require
    SSLVerifyDepth 2

    ...

    # initialize the SSL headers to a blank value to avoid http header forgeries
    RequestHeader set SSL_CLIENT_CERT ""
    RequestHeader set SSL_CLIENT_VERIFY ""

    # add whatever SSL_* variables needed to pass to web application
    RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
    RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"

    RequestHeader add X-Forwarded-Scheme https

    ProxyPass /testcert http://127.0.0.1:8080/testcert
    ProxyPassReverse /testcert http://127.0.0.1:8080/testcert

</VirtualHost>

Is there a way to configure this in Apache so that the entire certificate is sent to the Tomcat server? I know that I can use AJP, but I am trying to do it without this method.

1 answer

, tomcat , - HTTP, HTTPS. , certifcate , .

getPreAuthenticationCredentials X509AuthenticationFilter. , , .

Bean

<x509 /> beans. , , beans XML. :

<http entry-point-ref="http403">
    <custom-filter position="PRE_AUTH_FILTER" ref="x509Filter" />
</http>

<bean id="http403" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />

<bean id="x509Filter" class="YourExtendedX509AuthenticationFilter" />
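Added example, not part of the original answer and not Spring Security's own code: one way to write the extended filter that the x509Filter bean refers to, rebuilding the certificate from the SSL_CLIENT_CERT header set in the question's Apache configuration. The class name, the javax.servlet API level, the loopback-only check and the header format (PEM with line breaks turned into spaces, "(null)" when unset) are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;

// Hypothetical subclass (illustrative name) to use as the class of the x509Filter bean.
public class HeaderX509AuthenticationFilter extends X509AuthenticationFilter {
    // Standard servlet attribute the stock filter reads the client chain from.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    private static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String END = "-----END CERTIFICATE-----";

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        copyHeaderCertificate(request);
        return super.getPreAuthenticatedPrincipal(request);
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        copyHeaderCertificate(request);
        return super.getPreAuthenticatedCredentials(request);
    }

    private void copyHeaderCertificate(HttpServletRequest request) {
        if (request.getAttribute(CERT_ATTR) != null) return; // already populated
        // Trust the headers only from the local Apache proxy, and only after mod_ssl verified the chain.
        if (!"127.0.0.1".equals(request.getRemoteAddr())) return;
        if (!"SUCCESS".equals(request.getHeader("SSL_CLIENT_VERIFY"))) return;
        String pem = request.getHeader("SSL_CLIENT_CERT");
        if (pem == null || !pem.contains(BEGIN) || !pem.contains(END)) return; // empty or "(null)"
        // Assumption: PEM line breaks arrive as spaces; the MIME decoder skips them.
        String body = pem.substring(pem.indexOf(BEGIN) + BEGIN.length(), pem.indexOf(END));
        try {
            byte[] der = Base64.getMimeDecoder().decode(body);
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(der));
            request.setAttribute(CERT_ATTR, new X509Certificate[] { cert });
        } catch (CertificateException | IllegalArgumentException e) {
            logger.debug("Ignoring unparsable SSL_CLIENT_CERT header", e);
        }
    }
}
```

The bean definition still needs its authenticationManager property set, as for any pre-authentication filter. Tomcat's port 8080 must not be reachable except through Apache, since the certificate is no longer verified on this hop.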