projects / lgpl / argeo-commons.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Improve client certificate auth
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / HttpSessionLoginModule.java
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
index 7b7207ef3e32536b84b8c67f099617ca14d42fe1..48220a86876b7db2b3092ad9395757cc648514c5 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
@@ -201,6 +201,14 @@ public class HttpSessionLoginModule implements LoginModule {
                if (null != certs && certs.length > 0) {
                        sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, certs[0].getSubjectX500Principal().getName());
                        sharedState.put(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN, certs);
+               } else {
+                       // When client has been verified by reverse proxy
+                       String certDn = req.getHeader("SSL_CLIENT_S_DN");
+                       if (certDn != null) {
+                               sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, certDn);
+                               String issuerDn = req.getHeader("SSL_CLIENT_I_DN");
+                               sharedState.put(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN, issuerDn);
+                       }
                }
        }
 
Argeo Commons - Lightweight integration framework in pure Java/OSGi