Java 如何在Jersey服务器中获取/注入当前SSLSession?
我有一个JAX-RS应用程序(Jersey 2.22),其中我需要获取对等SSL客户端证书(服务器启用了相互SSL身份验证) 我试图实现以下目标:Java 如何在Jersey服务器中获取/注入当前SSLSession?,java,ssl,jersey,jax-rs,Java,Ssl,Jersey,Jax Rs,我有一个JAX-RS应用程序(Jersey 2.22),其中我需要获取对等SSL客户端证书(服务器启用了相互SSL身份验证) 我试图实现以下目标: @GET @Produces(MediaType.TEXT_PLAIN) public String clientCertificates() { SSLContext sslContext = SSLContext.getDefault(); SSLSessionContext clientContext = sslContext.
@GET
@Produces(MediaType.TEXT_PLAIN)
public String clientCertificates() {
SSLContext sslContext = SSLContext.getDefault();
SSLSessionContext clientContext = sslContext.getClientSessionContext();
byte[] sessionId = clientContext.getIds().nextElement();
SSLSession clientSession = clientContext.getSession(sessionId);
Certificate[] certificates = clientSession.getPeerCertificates();
return "The client provided " + certificates.length + " certificates.";
}
但是这会在clientContext.getIds().nextElement()上抛出一个NoSuchElementException,即使客户端确实提供了服务器接受的有效SSL证书来建立会话(我正在使用Glassfish 4、WildFly 9和WildFly 10进行尝试)
注意:web.xml CLIENT-CERT auth方法不是我所需要的:我需要获得对客户端证书的引用。我发现此方法(未选中)用于从ContainerRequestFilter
从ContainerRequestContext
获取提供的证书,如果有的话:
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
X509Certificate[] certificates = (X509Certificate[]) requestContext.getProperty("javax.servlet.request.X509Certificate");
Principal principal = certificates[0].getSubjectX500Principal();
}
}