Check X509 certificate revocation status in Spring-Security before authenticating

Question

Is it possible to check the revocation status of a x509 client certificate through the CRL in spring-security before authenticating it? I\'ve checked documentations (http://

Answer 1

The SSL handshake is performed by the servlet container, rather than Spring Security, so any CRL checking should probably occur at that point. Spring Security treats it as a "pre-authentication" scenrario.

Spring Security just reads the (already SSL-authenticated) certificate and allows you to link it to a local user account.