I am new to spring-security in general and am a bit confused. The project

Question

0

Asked: May 15, 20262026-05-15T06:25:13+00:00 2026-05-15T06:25:13+00:00

I am new to spring-security in general and am a bit confused. The project

0

I am new to spring-security in general and am a bit confused.

The project I am trying to integrate this with uses X509 certificates to identify users for signing in to the application. There are no usernames or passwords. We validate the certificates are good, and that they have been given access to our app.

The question is how do I integrate spring in to this to get their roles using the X509 certificates?

I have seen this:

<http>
 ...
    <x509 subject-principal-regex="CN=(.*?)," user-service-ref="userService"/>
 ...
</http>

But I don’t understand how this works. Will it still require something for a password? Or is the subject all it needs?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-15T06:25:14+00:00

But I don’t understand how this works. Will it still require something for a password? Or is the subject all it needs?

I think that that is all it needs. I believe that the model is that the TLS protocol determines that the user / client “owns” the certificate using public key encryption techniques that boil down to the user / client knowing the private key for the certificate. It is assumed that only the user will know his own private key, and therefore that who / whatever can prove knowledge of the key is the user.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am new to spring-security in general and am a bit confused. The project

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply