1. Re: CLIENT-CERT Authentication Config
bartvh May 2, 2003 8:34 AM (in response to medthomas)
From looking at the source release, an updated version of the patch (you are talking about the 'jetty' patch aren't you?) has been applied in 3.2.0.
However, I have my questions about the behaviour. I have a simple servlet that just prints out the getCallerPrincipal() and getRemoteUser(). The result to me is not very useable, because you simply get a string representation with the serial number of the certificate, and the DN of the CA that issued the certificate.
It would be nice if I could at least write a LoginModule where I can get the certificate objects. I tried to create one but I fail to see how I could get a hold of these objects.
2. Re: CLIENT-CERT Authentication Config
didi1976 May 9, 2003 4:15 AM (in response to medthomas)
Hi,
here is a simple skeleton of a Login Module which you could use.
The Credential contains the CertificateChain.
Just put your checks within the login-method and return the roles for the user in the getRoleSet-method.
I have tested it with 3.2.0 + Tomcat 4.1.24 but I did some modifications on JBossSecurityMgrRealm.java to get it working. These modifications are already committed to 3.2.1 but I did not have time to check that till now.
Didi
3. Re: CLIENT-CERT Authentication Config
medthomas May 10, 2003 2:47 AM (in response to medthomas)
Didi,
Thanks for your help. I have upgraded to 3.2.1 with Tomcat 4.1.24 and have managed to get it working although not quite in the way I expected (request.getRemoteUser() returns cert serial + issuer DN). I am not sure that this is standard behaviour. I am planning to have a look at this and your login module this weekend.
Mark
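
An added example, not code from this thread or from JBoss: a login module of the kind discussed above, written against the standard JAAS interfaces only. `CertChainCallback` is a hypothetical stand-in for the container's credential callback, and the module uses the certificate's subject DN as the caller identity instead of serial number plus issuer DN.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

// Hypothetical callback: the container's handler is assumed to fill in the
// certificate chain it received during the SSL handshake.
class CertChainCallback implements Callback {
    X509Certificate[] chain;
}

public class ClientCertLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private X500Principal identity;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
    }

    public boolean login() throws LoginException {
        CertChainCallback cb = new CertChainCallback();
        try {
            handler.handle(new Callback[] { cb });
        } catch (Exception e) {
            throw new LoginException("cannot obtain credential: " + e);
        }
        if (cb.chain == null || cb.chain.length == 0)
            throw new FailedLoginException("no client certificate presented");
        X509Certificate leaf = cb.chain[0];      // the client's own certificate comes first
        try {
            leaf.checkValidity();                // dates only; CA trust is assumed to be
        } catch (CertificateException e) {       // enforced by the SSL connector's truststore
            throw new FailedLoginException("certificate not valid: " + e.getMessage());
        }
        identity = leaf.getSubjectX500Principal();  // subject DN becomes the principal name
        return true;
    }

    public boolean commit() {
        return identity != null && subject.getPrincipals().add(identity);
    }
    public boolean abort()  { identity = null; return true; }
    public boolean logout() { subject.getPrincipals().remove(identity); return true; }
}
```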