Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
698 views
in Technique[技术] by (71.8m points)

java - Check X509 certificate revocation status in Spring-Security before authenticating

Is it possible to check the revocation status of a x509 client certificate through the CRL in spring-security before authenticating it? I've checked documentations (http://static.springsource.org/spring-security/site/docs/3.0.x/reference/x509.html) but it doesn't mention anything about CRL.

Implementing UserService only gives you the username and not the X509Certificate. Any help would be appreciated!

Thanks!

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

I'm not sure about the specifics of Spring-Security, but if it's based on the trustmanagers of the JRE (if if it's the Oracle/Sun JRE), you can activate CRL checks by setting these system properties to true: com.sun.net.ssl.checkRevocation and com.sun.security.enableCRLDP, and setting Security.setProperty("ocsp.enable", "true") (thanks to @WillSargent for pointing out it's a Security property, not a system one).

More details here:


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...