
Mutual Authentication on Tomcat 7 and request.getUserPrincipal()


I'm trying to setup mutual authentication on a Tomcat 7 app. My server.xml has the following connector:

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443"
               enableLookups="true"
               acceptCount="100"
               connectionTimeout="20000"
               useURIValidationHack="false"
               disableUploadTimeout="true"
               scheme="https"
               secure="true"
               SSLEnabled="true"
               keystoreFile="servercert.jks"
               keystorePass="password"
               truststoreFile="truststore.jks"
               truststorePass="password"
               clientAuth="true"
               sslProtocol="TLS" />

When I try to hit a Struts action using a URL similar to "https://testserver:8443/myapp/LoadUser.do", I am prompted by the browser for a client certificate. When I provide a certificate which is trusted by my server, it seems to authenticate just fine. On the server side, I'm expecting to get the client certificate's Common Name by calling request.getUserPrincipal(), but it's just null. Am I correct in assuming that getUserPrincipal() should be set to the CN? If yes, what am I doing wrong/missing? If no, how can I retrieve the CN on the server side?

Thanks.


Solution

  • I was looking in the wrong place like a dummy. I get all certificate information from the request:

    request.getAttribute(org.apache.catalina.Globals.CERTIFICATES_ATTR);
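
A servlet that reads that request attribute and extracts the CN from the presented certificate, added here as an example (it is not code from the original post). `ClientCertServlet` and `extractCn` are hypothetical names; the attribute string is the value behind `Globals.CERTIFICATES_ATTR`, spelled out so the webapp does not depend on catalina.jar.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical servlet: reads the client certificate chain Tomcat stores on the request. */
public class ClientCertServlet extends HttpServlet {
    // Same value as org.apache.catalina.Globals.CERTIFICATES_ATTR.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        X509Certificate[] chain = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        if (chain == null || chain.length == 0) {
            // With clientAuth="true" on the connector this only happens when the
            // request did not arrive over that connector (e.g. a plain-HTTP port).
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate required");
            return;
        }
        // chain[0] is the end-entity certificate the browser presented; the
        // connector's truststore has already validated it against the CA.
        String cn = extractCn(chain[0]);
        if (cn == null) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "certificate subject has no CN");
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("Authenticated as CN=" + cn);
    }

    /** Returns the CN attribute of the subject DN, or null if it is absent or unparsable. */
    static String extractCn(X509Certificate cert) {
        try {
            // getName() yields an RFC 2253 string, which LdapName parses into RDNs.
            LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return rdn.getValue().toString();
                }
            }
            return null;
        } catch (InvalidNameException e) {
            return null;
        }
    }
}
```

Parsing the DN with `LdapName` rather than string-splitting on "CN=" avoids mis-reading subjects that contain escaped commas or a CN embedded in another attribute value.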