org.springframework.security.web.authentication.preauth.x509
Class SubjectDnX509PrincipalExtractor

java.lang.Object
  extended by org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
All Implemented Interfaces:
X509PrincipalExtractor

public class SubjectDnX509PrincipalExtractor
extends Object
implements X509PrincipalExtractor

Obtains the principal from a certificate using a regular expression match against the Subject (as returned by a call to X509Certificate.getSubjectDN()).

The regular expression should contain a single group; for example the default expression "CN=(.*?)(?:,|$)" matches the common name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix".

The matches are case insensitive. So "emailAddress=(.?)," will match "EMAILADDRESS=jimi@hendrix.org, CN=..." giving a user name "jimi@hendrix.org"


Field Summary
protected  org.apache.commons.logging.Log logger
           
protected  MessageSourceAccessor messages
           
 
Constructor Summary
SubjectDnX509PrincipalExtractor()
           
 
Method Summary
 Object extractPrincipal(X509Certificate clientCert)
          Returns the principal (usually a String) for the given certificate.
 void setMessageSource(MessageSource messageSource)
           
 void setSubjectDnRegex(String subjectDnRegex)
          Sets the regular expression which will by used to extract the user name from the certificate's Subject DN.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected final org.apache.commons.logging.Log logger

messages

protected MessageSourceAccessor messages
Constructor Detail

SubjectDnX509PrincipalExtractor

public SubjectDnX509PrincipalExtractor()
Method Detail

extractPrincipal

public Object extractPrincipal(X509Certificate clientCert)
Description copied from interface: X509PrincipalExtractor
Returns the principal (usually a String) for the given certificate.

Specified by:
extractPrincipal in interface X509PrincipalExtractor

setSubjectDnRegex

public void setSubjectDnRegex(String subjectDnRegex)
Sets the regular expression which will by used to extract the user name from the certificate's Subject DN.

It should contain a single group; for example the default expression "CN=(.*?)(?:,|$)" matches the common name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix".

The matches are case insensitive. So "emailAddress=(.?)," will match "EMAILADDRESS=jimi@hendrix.org, CN=..." giving a user name "jimi@hendrix.org"

Parameters:
subjectDnRegex - the regular expression to find in the subject

setMessageSource

public void setMessageSource(MessageSource messageSource)