Package org.springframework.security.web.authentication.preauth.x509

Class SubjectX500PrincipalExtractor

java.lang.Object

org.springframework.security.web.authentication.preauth.x509.SubjectX500PrincipalExtractor

All Implemented Interfaces:

org.springframework.beans.factory.Aware, org.springframework.context.MessageSourceAware, X509PrincipalExtractor

public final class SubjectX500PrincipalExtractor
extends Object
implements X509PrincipalExtractor, org.springframework.context.MessageSourceAware

Extracts the principal from the X500Principal.getName(String) returned by X509Certificate.getSubjectX500Principal() passed into extractPrincipal(X509Certificate) depending on the value of setExtractPrincipalNameFromEmail(boolean).

Since:

7.0

Constructor Summary

Constructors

Constructor	Description
SubjectX500PrincipalExtractor()

Method Summary

Modifier and Type	Method	Description
Object	extractPrincipal(X509Certificate clientCert)	Returns the principal (usually a String) for the given certificate.
void	setExtractPrincipalNameFromEmail(boolean extractPrincipalNameFromEmail)	Sets if the principal name should be extracted from the emailAddress or CN attribute (default).
void	setMessageSource(org.springframework.context.MessageSource messageSource)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SubjectX500PrincipalExtractor

public SubjectX500PrincipalExtractor()

Method Details

extractPrincipal

public Object extractPrincipal(X509Certificate clientCert)

Description copied from interface: X509PrincipalExtractor

Returns the principal (usually a String) for the given certificate.

Specified by:

extractPrincipal in interface X509PrincipalExtractor

setMessageSource

public void setMessageSource(org.springframework.context.MessageSource messageSource)

Specified by:

setMessageSource in interface org.springframework.context.MessageSourceAware

setExtractPrincipalNameFromEmail

public void setExtractPrincipalNameFromEmail(boolean extractPrincipalNameFromEmail)

Sets if the principal name should be extracted from the emailAddress or CN attribute (default). By default, the format X500Principal.RFC2253 is passed to X500Principal.getName(String) and the principal is extracted from the CN attribute as defined in Converting AttributeTypeAndValue of RFC2253. If setExtractPrincipalNameFromEmail(boolean) is true, then the format X500Principal.RFC2253 is passed to X500Principal.getName(String) and the principal is extracted from the OID.1.2.840.113549.1.9.1 (emailAddress) attribute as defined in Section 2.3 of RFC1779.

Parameters:

extractPrincipalNameFromEmail - whether to extract the principal from the emailAddress (default false)

See Also:

• RFC2253
• RFC1779