1 package org.springframework.security.ui.preauth.x509;
2
3 import org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter;
4 import org.springframework.security.ui.FilterChainOrder;
5
6 import javax.servlet.http.HttpServletRequest;
7 import java.security.cert.X509Certificate;
8
9
10
11
12
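/**
 * Pre-authentication filter that derives the caller's principal and credentials from the X.509
 * client certificate exposed on the servlet request.
 *
 * <p>The certificate is read from the {@code javax.servlet.request.X509Certificate} request
 * attribute. This class performs no chain, validity-period or revocation checks of its own: it
 * relies entirely on whatever populated that attribute (normally the container's TLS client
 * authentication) having validated the certificate. Where TLS is terminated upstream of the
 * container, confirm that only the trusted connector can set this attribute.
 *
 * <p>Only the first certificate in the array is used. The servlet specification orders the array
 * so that the first entry is the certificate presented by the client.
 */
public class X509PreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
    /**
     * Strategy that turns the client certificate into a principal. Defaults to
     * {@link SubjectDnX509PrincipalExtractor} (presumably subject-DN based, judging by its name).
     */
    private X509PrincipalExtractor principalExtractor = new SubjectDnX509PrincipalExtractor();

    /**
     * Returns the principal extracted from the client certificate.
     *
     * @param request the current request
     * @return the value produced by the configured {@link X509PrincipalExtractor}, or
     *         {@code null} when the request carries no client certificate
     */
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        X509Certificate clientCert = extractClientCertificate(request);

        // No certificate means no pre-authenticated principal; never call the extractor with null.
        return (clientCert == null) ? null : principalExtractor.extractPrincipal(clientCert);
    }

    /**
     * Returns the client certificate itself as the pre-authenticated credentials.
     *
     * @param request the current request
     * @return the client's {@link X509Certificate}, or {@code null} when none is present
     */
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return extractClientCertificate(request);
    }

    /**
     * Reads the client certificate from the request attribute set for TLS client authentication.
     *
     * @param request the current request
     * @return the first certificate in the attribute's array, or {@code null} when the attribute
     *         is absent or the array is empty
     */
    private X509Certificate extractClientCertificate(HttpServletRequest request) {
        // The cast assumes the attribute, when present, is an X509Certificate[]; any other type
        // fails with a ClassCastException rather than being treated as a valid certificate.
        X509Certificate[] chain =
                (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

        if (chain == null || chain.length == 0) {
            if (logger.isDebugEnabled()) {
                logger.debug("No client certificate found in request.");
            }

            return null;
        }

        // NOTE(review): this writes the certificate's full toString() to the debug log, and it
        // runs for both the principal and the credentials lookup on the same request.
        if (logger.isDebugEnabled()) {
            logger.debug("X.509 client authentication certificate:" + chain[0]);
        }

        return chain[0];
    }

    /**
     * Replaces the strategy used to map a client certificate to a principal.
     *
     * @param principalExtractor the extractor to use; must not be {@code null}
     * @throws IllegalArgumentException if {@code principalExtractor} is {@code null}
     */
    public void setPrincipalExtractor(X509PrincipalExtractor principalExtractor) {
        // Fail at configuration time: a null extractor would otherwise surface as a
        // NullPointerException on every request that presents a client certificate.
        if (principalExtractor == null) {
            throw new IllegalArgumentException("principalExtractor must not be null");
        }

        this.principalExtractor = principalExtractor;
    }

    /**
     * Returns this filter's position in the filter chain.
     *
     * @return {@code FilterChainOrder.X509_FILTER}
     */
    public int getOrder() {
        return FilterChainOrder.X509_FILTER;
    }
}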