3 Replies Latest reply on Aug 4, 2004 10:16 AM by rolfarne

JaasSecurityManager and caching of X509Certificate chains

rolfarne Aug 3, 2004 12:49 PM

Hi,

I have a Login module that I use with SSL client certificates. The log from the module suggests that it is invoked by the JaasSecurityManager on every client call, even when the client (and principal) is previously authenticated, and the principal is in the cache. Other username/password based modules do not show this behavior.

My guess is that it is the validateCache method of the JaasSecurityManager that fails to match the credentials, which are X509Certificate arrays.

What is the best way to get around this? Is it as simple as to change validateCache so that is can compare arrays of X509Certificates?

1. Re: JaasSecurityManager and caching of X509Certificate chain

rolfarne Aug 4, 2004 9:31 AM (in response to rolfarne)

I've submitted a patch for this, see

https://sourceforge.net/tracker/index.php?func=detail&aid=1003258&group_id=22866&atid=376687
Actions
2. Re: JaasSecurityManager and caching of X509Certificate chain

starksm64 Aug 4, 2004 9:49 AM (in response to rolfarne)
A more generic approach would be:

else if( subjectCredential.getClass().isArray() ) { Object[] a1 = (Object[]) subjectCredential; Object[] a2 = (Object[]) credential; isValid = Arrays.equals(a1, a2); }

Can you test that out.
Actions
3. Re: JaasSecurityManager and caching of X509Certificate chain

rolfarne Aug 4, 2004 10:16 AM (in response to rolfarne)

Thanks. Yes that works correctly with X509Certificate arrays.
Actions

Go to original post