accessing SSLEngine on per-request? (jersey related)

Hello everyone,

I'm trying to implement authentication using client-side SSL certificates with Grizzly, running latest Jersey to serve RESTful content.

The SSL stuff works fine, but for authorization to be able to occur, I'd need to get the SubjectDN from the SSLEngine's Session.

Is there a way to get that inside a Jersey request?

Maybe I could insert my own class before each (jersey's) adapter call, and pass it on, somehow?

Any pointers are welcome.

Thanks,
Zoltan

Re: accessing SSLEngine on per-request? (jersey related)

Hi Zoltan,

please try following:

    ((com.sun.grizzly.util.WorkerThread) Thread.currentThread()).getSSLEngine();

Hope this will help.

WBR,
Alexey.

On Oct 6, 2009, at 23:39, Zoltan Arnold NAGY wrote:

> Hello everyone,
>
> I'm trying to implement authentication using client-side ssl
> certificates with Grizzly, running
> latest Jersey to serve RESTful content.
>
> The SSL stuff works fine, but for authorization to be able to occur,
> I'd need to get the
> SubjectDN from the SSLEngine's Session.
>
> Is there a way to get that inside a Jersey request?
>
> Maybe I could insert my own class before each (jersey's) adapter
> call, and pass
> it on, somehow?
>
> Any pointers are welcome.
>
> Thanks,
> Zoltan

Re: accessing SSLEngine on per-request? (jersey related)

On Oct 7, 2009, at 10:50 AM, Oleksiy Stashok wrote:

> Hi Zoltan,
>
> please try following:
>
> ((com.sun.grizzly.util.WorkerThread)
> Thread.currentThread()).getSSLEngine();

and see the following sample for using Jersey with SSL+Grizzly:

http://download.java.net/maven/2/com/sun/jersey/samples/https-clientserver-grizzly/1.1.3-ea/https-clientserver-grizzly-1.1.3-ea-project.zip

If you look in there it is doing some funky stuff in a filter setting the SecurityContext. You can provide your own implementation to extract stuff from the WorkerThread.

Paul.

Re: accessing SSLEngine on per-request? (jersey related)

Thanks Oleksiy and Paul, it works like a charm. See the code below how I extract data from the cert.

On a theoretical level - what do you think about using client side certificates, signed by the server acting as a CA as way of authentication?

The user must possess the private key, and if he does, I can be sure who he is. And I can check the certificate 'cause I'm the CA on the server side :-)

--

So just to sum it up for the archives:

    import java.security.cert.X509Certificate;
    import javax.net.ssl.SSLPeerUnverifiedException;
    import javax.net.ssl.SSLSession;
    import javax.security.auth.x500.X500Principal;
    import javax.ws.rs.WebApplicationException;
    import javax.ws.rs.core.Response;
    import com.sun.jersey.spi.container.ContainerRequest;
    import com.sun.jersey.spi.container.ContainerRequestFilter;

    public class SecurityFilter implements ContainerRequestFilter {
        public ContainerRequest filter(ContainerRequest request) {
            // Grizzly exposes the SSLEngine of the current connection on its worker thread.
            SSLSession session = ((com.sun.grizzly.util.WorkerThread) Thread.currentThread()).getSSLEngine().getSession();
            try {
                // The client's chain is the peer chain; getLocalCertificates() returns the server's own certificate.
                X509Certificate clientCert = (X509Certificate) session.getPeerCertificates()[0];
                // The subject identifies the client; the issuer only names the CA.
                X500Principal principal = clientCert.getSubjectX500Principal();
                // extract data from principal, etc.
                return request;
            } catch (SSLPeerUnverifiedException e) {
                // No verified client certificate on this connection.
                throw new WebApplicationException(Response.Status.UNAUTHORIZED);
            }
        }
    }

and we need to attach this filter to jersey, before adding its adapter to GWS:

    [..]
    jerseyAdapter.addInitParameter(ResourceConfig.PROPERTY_CONTAINER_REQUEST_FILTERS, SecurityFilter.class.getName());
    webServer.addGrizzlyAdapter(jerseyAdapter, new String[]{"/"});

Thanks everyone,
Zoltan

Paul Sandoz wrote:

> On Oct 7, 2009, at 10:50 AM, Oleksiy Stashok wrote:
>
>> Hi Zoltan,
>>
>> please try following:
>>
>> ((com.sun.grizzly.util.WorkerThread)
>> Thread.currentThread()).getSSLEngine();
>
> and see the following sample for using Jersey with SSL+Grizzly:
>
> http://download.java.net/maven/2/com/sun/jersey/samples/https-clientserver-grizzly/1.1.3-ea/https-clientserver-grizzly-1.1.3-ea-project.zip
>
> If you look in there it is doing some funky stuff in a filter setting
> the SecurityContext. You can provide your own implementation to
> extract stuff from the WorkerThread.
>
> Paul.

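Added example (not part of the thread and not Grizzly or Jersey code): one way to do the "extract data from principal" step for authorization, by parsing the client certificate's subject DN into RDNs and checking the issuer against the server's own CA instead of matching on DN strings. The class name, the CA DN, the sample subjects and the role table are assumptions constructed for illustration; the TLS handshake is assumed to have already validated the certificate chain.

```java
import java.util.HashMap;
import java.util.Map;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class CertIdentityMapper {                    // hypothetical helper class
    private final X500Principal expectedIssuer;      // DN of the server's own CA
    private final Map<String, String> rolesByCn;     // hypothetical authorization table

    CertIdentityMapper(X500Principal expectedIssuer, Map<String, String> rolesByCn) {
        this.expectedIssuer = expectedIssuer;
        this.rolesByCn = rolesByCn;
    }

    // Returns the role for a certificate identity, or null when it must be rejected.
    String roleFor(X500Principal subject, X500Principal issuer) {
        // X500Principal.equals compares canonical names, so case and spacing do not matter.
        // This is a name check only; the signature check happened in the TLS handshake.
        if (!expectedIssuer.equals(issuer)) return null;
        String cn = singleCommonName(subject);
        return cn == null ? null : rolesByCn.get(cn);
    }

    // Returns the subject's CN only if the DN carries exactly one CN value.
    static String singleCommonName(X500Principal subject) {
        try {
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            String found = null;
            for (Rdn rdn : dn.getRdns()) {
                Attribute cn = rdn.toAttributes().get("CN");
                if (cn == null) continue;
                if (found != null || cn.size() != 1) return null; // ambiguous identity
                found = String.valueOf(cn.get(0));
            }
            return found;
        } catch (NamingException e) {
            return null; // unparsable DN: treat as unauthenticated
        }
    }

    public static void main(String[] args) {
        Map<String, String> roles = new HashMap<String, String>();
        roles.put("alice", "admin"); // constructed sample data, not from the thread
        X500Principal ca = new X500Principal("CN=Example Internal CA,O=Example");
        CertIdentityMapper mapper = new CertIdentityMapper(ca, roles);
        for (String s : new String[] {"CN=alice,OU=ops,O=Example", "CN=bob,O=Example", "OU=ops,O=Example"}) {
            System.out.println(s + " -> " + mapper.roleFor(new X500Principal(s), ca));
        }
    }
}
```

In a filter like the one above, `subject` and `issuer` would come from `getSubjectX500Principal()` and `getIssuerX500Principal()` of the first peer certificate.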
Re: accessing SSLEngine on per-request? (jersey related)

On Oct 7, 2009, at 1:12 PM, Zoltan Arnold NAGY wrote:

> Thanks Oleksiy and Paul, it works like a charm. See the code below
> how I extract data from the cert.
>
> On a theoretical level - what do you think about using client side
> certificates, signed by the server acting as a CA as
> way of authentication?

I think there could be something in it. Do you know about foaf+ssl?

http://blogs.sun.com/bblfish/entry/foaf_ssl_creating_a_global

Perhaps you could experiment with foaf+ssl too? CC'ing Henry.

Paul.