Package org.springframework.security.web.authentication.preauth.x509

Class SubjectDnX509PrincipalExtractor

  • All Implemented Interfaces:
    org.springframework.beans.factory.Aware, org.springframework.context.MessageSourceAware, X509PrincipalExtractor
    public class SubjectDnX509PrincipalExtractor
extends java.lang.Object
implements X509PrincipalExtractor, org.springframework.context.MessageSourceAware
    Obtains the principal from a certificate using a regular expression match against the Subject (as returned by a call to X509Certificate.getSubjectDN()).

    The regular expression should contain a single group; for example the default expression "CN=(.*?)(?:,|$)" matches the common name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix".

    The matches are case insensitive. So "emailAddress=(.*?)," will match "EMAILADDRESS=jimi@hendrix.org, CN=..." giving a user name "jimi@hendrix.org"

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected org.apache.commons.logging.Log logger  
      protected org.springframework.context.support.MessageSourceAccessor messages  

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.Object extractPrincipal​(java.security.cert.X509Certificate clientCert)
      Returns the principal (usually a String) for the given certificate.
      void setMessageSource​(org.springframework.context.MessageSource messageSource)  
      void setSubjectDnRegex​(java.lang.String subjectDnRegex)
      Sets the regular expression which will by used to extract the user name from the certificate's Subject DN.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • logger

        protected final org.apache.commons.logging.Log logger

      • messages

        protected org.springframework.context.support.MessageSourceAccessor messages

    • Constructor Detail

      • SubjectDnX509PrincipalExtractor

        public SubjectDnX509PrincipalExtractor()

    • Method Detail

      • extractPrincipal

        public java.lang.Object extractPrincipal​(java.security.cert.X509Certificate clientCert)
        Description copied from interface: X509PrincipalExtractor
        Returns the principal (usually a String) for the given certificate.
        Specified by:
        extractPrincipal in interface X509PrincipalExtractor

      • setSubjectDnRegex

        public void setSubjectDnRegex​(java.lang.String subjectDnRegex)
        Sets the regular expression which will by used to extract the user name from the certificate's Subject DN.

        It should contain a single group; for example the default expression "CN=(.*?)(?:,|$)" matches the common name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix".

        The matches are case insensitive. So "emailAddress=(.?)," will match "EMAILADDRESS=jimi@hendrix.org, CN=..." giving a user name "jimi@hendrix.org"

        Parameters:
        subjectDnRegex - the regular expression to find in the subject

      • setMessageSource

        public void setMessageSource​(org.springframework.context.MessageSource messageSource)
        Specified by:
        setMessageSource in interface org.springframework.context.MessageSourceAware
        Since:
        5.5