<!-- The JAAS based authentication and authorization realm implementati on that is compatible with the jboss 3.2.x realm implementation. - certificatePrincipal : the class name of the org.jboss.security.auth.certs.CertificatePrincipal impl used for mapping X509 cert chains to a Princpal. - allRolesMode : how to handle an auth-constraint with a role-name=*, one of strict, authOnly, strictAuthOnly + strict = Use the strict servlet spec interpretation which requires that the user have one of the web-app/security-role/role-name + authOnly = Allow any authenticated user + strictAuthOnly = Allow any authenticated user only if there are no web-app/security-roles --> <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm" certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping " allRolesMode="authOnly" />
server.xml - Realm
I think you need an implementation of CertificatePrincipal
thanks, I supposed that the solution is realted to "CertificatePrincipal" and RealMap. But I am looking for an example how to map a CN or a DN with a login name.
DN="CN=John Smith, O=IBM, C=US", and I need that "Principal = jsmith".
My really problem is that the DN of my users are really complex.
You will need to provide an implementation of the CertificatePrincipal interface.