I'm using a Grizzly server to serve up my secure jersey resource. The resource expects client authentication and that the client certificate's subjectDN CN portion contains a username I can use for authorization purposes within my server. SSL obviously handles authentication, but I need the client certificate in order to access the subject DN so I can find out who connected to me.
This works fine when using a Tomcat server, for example, because tomcat provides a full servlet environment, so I can inject @Context HttpServletRequest into my resource. I can then access the client cert from this context. But when I'm just running a Grizzly server in my Java application, I get an error:
Could not find a suitable constructor in javax.servlet.http.HttpServletRequest class.
Which seems to mean that the servlet request context could not be injected into my resource method.
I know I can add a WebappContext and ServletRegistation, then map requests to this servlet, but I'm wondering if it's possible to access the client certificate without a servlet context in a stand-alone grizzly server? Seems to me like quite an oversight if not; after all, Grizzly allows you to set up full mutually authenticated connections without a servlet context, but then doesn't appear to provide a way of letting you find out who connected to you.
I haven't yet found a way to obtain the full client certificate but, as I stated in my question, I was really only looking for a way to obtain the subjectDN - the principal. As it turns out, you can inject a
@Context SecurityContextinto your resource and then obtain the principal from that object.