This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Anyway for servlet filter to get socket that connects to client to get certs? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Anyway for servlet filter to get socket that connects to client to get certs?" Watch "Anyway for servlet filter to get socket that connects to client to get certs?" New topic
Author

Anyway for servlet filter to get socket that connects to client to get certs?

Dan Bizman
Ranch Hand

Joined: Feb 25, 2003
Posts: 387
I am writing a Servlet filter that handles authentication. One type i'm looking to implement is client-cert. To do so, the filter first checks in the request object for:

request.getAttribute( "javax.servlet.request.X509Certificate" );

however, from some comments and notes I've seen, the certificate isn't always there. So the code (for example some code I saw in one web server's implementation) gets the Socket (an SSLSocket) and asks:

socket.getNeedClientAuth() ...
socket.startHandshake()

whereupon, it can again check the request and it's there. Of course, the server's code uses internal classes to get the socket. So my question is: is there any way for me to get the socket from the request, response or anything else available to a servlet filter?

I'm assuming using getRemoteAddr() and getRemotehost() won't work because they could lock all ports but the one that's used to communicate with the web server, right? Is there any option?
Dan Bizman
Ranch Hand

Joined: Feb 25, 2003
Posts: 387
Any answers?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Anyway for servlet filter to get socket that connects to client to get certs?
 
Similar Threads
socket callback
Filter being called for Struts' forwarded JSP
How to handle an asynchronized scenario?
Can I use Spring 3 message resource bundle with another framework?
richfaces and problems with navigation