I have Jetty working with SSL set up, and client and server certificates (X.509) provided as required by Spring Security. Up to this point it all seems to be working fine, as verified by the logs.
Now! The problem is that when I access a secure page, the client (Chrome) is sending a certificate and the server is receiving it successfully, but after that it is returning me an empty user. Does anybody have any idea what is happening here?
I am providing some information about what I am trying here:
Environment
Windows/Jetty (version: 8.1.11.v20130520)/Spring Security (3.2.0)
Connector in jetty (version: 8.1.11.v20130520)
<connector implementation="org.eclipse.jetty.server.ssl.SslSocketConnector">
    <port>9443</port>
    <keystore>src/test/resources/server.jks</keystore>
    <needClientAuth>true</needClientAuth>
    <keyPassword>password</keyPassword>
    <password>password</password>
</connector>
Security Configuration file
<sec:x509 subject-principal-regex="CN=(.*?)"
          user-service-ref="myUserDetailsService" />
Log extract
09:42:24:214 DEBUG org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor (SubjectDnX509PrincipalExtractor.java:43) - Subject DN is 'CN=rod, OU=Spring Security, O=Spring Framework'
09:42:24:218 DEBUG org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor (SubjectDnX509PrincipalExtractor.java:58) - Extracted Principal name is ''
The subject-principal-regex you use is wrong. If you want the extracted principal to be "rod" for the DN in the log message, set the pattern to "CN=(.*?)," (note the comma at the end). Btw, I think it is the default pattern, so you might as well just skip this setting.
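
Why the pattern from the question extracts an empty principal while the pattern from the answer extracts rod, shown as an added example that is not part of the original question or answer. It applies each pattern with Matcher.find() and group(1), which is an assumption about how the extractor uses the regex; the class name, the second DN and the third pattern are constructed here to cover a DN whose CN is the last attribute.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SubjectDnRegexDemo {

    // Applies the pattern with find() and returns capture group 1,
    // or null when the pattern does not match the DN at all.
    static String extract(String regex, String subjectDn) {
        Matcher m = Pattern.compile(regex, Pattern.CASE_INSENSITIVE).matcher(subjectDn);
        return m.find() ? m.group(1) : null;
    }

    public static void main(String[] args) {
        String[] dns = {
            // Subject DN taken from the log extract in the question.
            "CN=rod, OU=Spring Security, O=Spring Framework",
            // Constructed sample: same attributes, CN placed last (no trailing comma).
            "OU=Spring Security, O=Spring Framework, CN=rod"
        };
        String[] regexes = {
            // From the question: the reluctant group has nothing after it that
            // forces it to grow, so it matches zero characters.
            "CN=(.*?)",
            // From the answer: the comma forces the group to extend up to it.
            "CN=(.*?),",
            // Constructed generalization: stop at a comma or at the end of the DN.
            "CN=(.*?)(?:,|$)"
        };

        for (String dn : dns) {
            System.out.println(dn);
            for (String regex : regexes) {
                String principal = extract(regex, dn);
                // An empty or missing principal should be treated as a failed
                // authentication, never passed on to the user details lookup.
                String verdict = principal == null ? "no match"
                        : principal.isEmpty() ? "empty principal"
                        : "'" + principal + "'";
                System.out.printf("  %-18s -> %s%n", regex, verdict);
            }
        }
    }
}
```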