Tomcat 7 Access Log with Client Certificate Name

Question

Tomcat 7 Access Log with Client Certificate Name

I am trying to include client certificate information in the tomcat access log file.

I looked at this post: https://serverfault.com/questions/624790/tomcat-log-the-equivalent-of-ssl-client-s-dn , but this only returns a certificate link, and I cannot extract any- either properties.

My log template is as follows:

pattern="... [%{javax.servlet.request.X509Certificate}r]"

This returns: [[Ljava.security.cert.X509Certificate; @ 667a078]

Is there a way to access certificate properties, for example:

 pattern="... [%{javax.servlet.request.X509Certificate.SubjectName}r]"

I would like to be able to retrieve certificate information without changing the code.

+7

logging ssl tomcat apache client-certificates

Eric Longstreet Jan 08 '16 at 19:08

source share

1 answer

Konstantin kolinko · Answer 1 · 2016-01-15T11:48:49+0000

If you authenticate the user using this name, then I think you can register the username with " %u "

If you need something else, you need to write javax.servlet.Filter or ServletRequestListener , which sets this value as an attribute to ServletRequest . The value can be any object that implements toString ().

The javax.servlet.request.X509Certificate request attribute is an array of certificates and is defined in the ch.3.9 servlet specification. SSL Attributes (Spec 3.1 Servlet)

Tomcat 7 Access Log with Client Certificate Name

More articles: