This topic is closed

  • X509 smartcard authentication

    Hi,
    this is my first post.

    I'm trying to set up an environment with a non-spring application in a tomcat, well a non-spring application but with spring-security of course!
    I need only an x509 authentication, everyone that has an x509 certificate is authenticated, I don't need to check his permissions or if he exists in my DB....

    I have a tomcat with ssl and the .keystore...., and I've tried with the contacts sample app too, but I can't do it, Firefox doesn't ask to read my card....

    Any help?
    Maybe an application-security.xml to check?
    Any quick sample?

    thanks in advance

  • #2
    This is a tomcat problem, nothing to do with spring security. You need to configure the http-listener on tomcat to request a client certificate.

    http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

    Code:
    <Connector
        port="8443" minSpareThreads="5" maxSpareThreads="75"
        enableLookups="true" disableUploadTimeout="true"
        acceptCount="100" maxThreads="200"
        scheme="https" secure="true" SSLEnabled="true"
        SSLCertificateFile="/usr/local/ssl/server.crt"
        SSLCertificateKeyFile="/usr/local/ssl/server.pem"
        clientAuth="want" sslProtocol="TLS"/>



    • #3
      Thanks!
      It works now, but .... when I write the pass ... how can I read the smartcard's principal?

      This is my applicationContext-security.xml
      Code:
      ....
      ...
      <http>
          <intercept-url pattern="/menu.jsp" requires-channel="https" access="IS_AUTHENTICATED_FULLY"/>
          <!--  <intercept-url pattern="/j_spring_security_switch_user" access="ROLE_SUPERVISOR"/>-->
          <form-login login-page="/index.jsp" authentication-failure-url="/index.jsp?login_error=1" default-target-url="/menu.jsp"/>
          <logout logout-success-url="/index.jsp"/>
          <x509 subject-principal-regex="CN=(.*?),"/>
      </http>

      <authentication-provider>
          <user-service id="userService">
              <user name="rod" password="koala" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
              <user name="peter" password="opal" authorities="ROLE_USER" />
          </user-service>
      </authentication-provider>
      
      ....
      ...

      I've read that setting the x509 tag was enough, but it doesn't work. I write the pass three times and then it goes to the login.jsp page.


      In my menu.jsp
      Code:
      ...
      <security:authentication property="principal.username"/>
      ...
      thanks a lot!

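The following is an added example, not code from the thread or from Spring Security. It shows how a `subject-principal-regex` like the one in post #3 turns a certificate subject DN into a user name, and what happens when that name is checked against the `rod`/`peter` entries of the `<user-service>`. The class name, helper methods, the simplified lookup, the case-insensitive matching and the sample DNs are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class X509PrincipalDemo {
    // Regex taken from the <x509> element in post #3.
    static final String PAGE_REGEX = "CN=(.*?),";
    // Variant that also accepts a CN that is the last component of the DN.
    static final String END_SAFE_REGEX = "CN=(.*?)(?:,|$)";
    // User names taken from the <user-service> in post #3.
    static final List<String> USER_SERVICE = Arrays.asList("rod", "peter");

    // Returns the first capture group found anywhere in the subject DN.
    // Case-insensitive matching is an assumption of this sketch.
    static Optional<String> extractPrincipal(String subjectDn, String regex) {
        Matcher m = Pattern.compile(regex, Pattern.CASE_INSENSITIVE).matcher(subjectDn);
        return m.find() ? Optional.of(m.group(1)) : Optional.empty();
    }

    // Simplified stand-in for the user lookup: the extracted name must
    // exist in the user service, otherwise certificate login fails.
    static String outcome(String subjectDn, String regex) {
        Optional<String> principal = extractPrincipal(subjectDn, regex);
        if (!principal.isPresent()) {
            return "no principal extracted";
        }
        String name = principal.get();
        return USER_SERVICE.contains(name)
                ? "authenticated as " + name
                : "unknown user '" + name + "'";
    }

    public static void main(String[] args) {
        // Constructed subject DNs, not taken from any real certificate.
        String[] dns = {
            "CN=rod, OU=Cards, O=Example",      // CN matches a configured user
            "CN=Jane Doe, OU=Cards, O=Example", // CN is not in the user service
            "O=Example, OU=Cards, CN=rod"       // CN is last, no trailing comma
        };
        for (String dn : dns) {
            System.out.println(dn);
            System.out.println("  " + PAGE_REGEX + " -> " + outcome(dn, PAGE_REGEX));
            System.out.println("  " + END_SAFE_REGEX + " -> " + outcome(dn, END_SAFE_REGEX));
        }
    }
}
```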