View | Details | Raw Unified | Return to bug 52500
Collapse All | Expand All

(-)org/apache/catalina/Realm.java (+22 lines)
Lines 191-194 Link Here
191
    public void removePropertyChangeListener(PropertyChangeListener listener);
191
    public void removePropertyChangeListener(PropertyChangeListener listener);
192
192
193
193
194
    /**
195
     * @param userNameRetrieveField
196
     * The parameter indicates which certificate field contains the User Name. 
197
     * Options are: SubjectDN or SubjectAlternativeName.
198
     * 
199
     */
200
    public void setX509UserNameRetrieveField(String userNameRetrieveField);
201
202
    /**
203
     * @param userNameRetrieveFieldPart
204
     * If a part of the input field is used, 
205
     * this parameter indicates which part of the relevant field constitutes the username. 
206
     * The value is a code letter based on a legend defined in the certificate itself 
207
     */
208
    public void setX509UserNameRetrieveFieldPart(String userNameRetrieveFieldPart);
209
    
210
    /**
211
     * @param className
212
     * Class that implements UserNameRetriever
213
     */
214
    public void setX509UserNameRetrieverClassName(String className);
215
194
}
216
}
(-)org/apache/catalina/realm/UserNameRetriever.java (+10 lines)
Line 0 Link Here
1
/**
2
 * @author Michael Furman
3
 */
4
package org.apache.catalina.realm;
5
6
import java.security.cert.X509Certificate;
7
8
public interface UserNameRetriever {
9
	String getUserName(X509Certificate clientCert);
10
}
(-)org/apache/catalina/realm/SubjectDnRetriever.java (+140 lines)
Line 0 Link Here
1
/**
2
 * @author Michael Furman
3
 */
4
package org.apache.catalina.realm;
5
6
import java.security.cert.X509Certificate;
7
import java.util.List;
8
9
import javax.naming.InvalidNameException;
10
import javax.naming.ldap.LdapName;
11
import javax.naming.ldap.Rdn;
12
13
import org.apache.juli.logging.Log;
14
import org.apache.juli.logging.LogFactory;
15
16
17
public class SubjectDnRetriever implements UserNameRetriever {
18
	/**
19
	 * Logger for this class
20
	 */
21
	protected final Log logger = LogFactory.getLog(getClass());	
22
	 
23
24
	
25
	private String subjectDnAttribute = null;
26
	private String subjectDnAttributeConfiguration = null;
27
	
28
    protected SubjectDnRetriever() {
29
        setSubjectDnAttribute(null);
30
    }
31
32
    protected SubjectDnRetriever(String retrieveAttr) {
33
        setSubjectDnAttribute(retrieveAttr);
34
    }
35
    
36
    public String getUserName(X509Certificate clientCert) {
37
		if (logger.isDebugEnabled()) {
38
			logger.debug("getUserName(X509Certificate) - start");
39
		}
40
		String subject = getSubjectDN(clientCert);
41
		String userName = null;
42
		
43
		if (subject != null) {
44
			if (logger.isDebugEnabled()) {
45
				logger.debug("Subject is [" + subject + "].");
46
			}
47
			if (subjectDnAttribute == null) {
48
				if (logger.isDebugEnabled()) {
49
					logger.debug("subjectDnAttribute is null, so return the whole subject.");
50
				}
51
				userName = subject;
52
			} else {
53
				boolean foundUserName = false;
54
				try {					
55
					LdapName ldapName = new LdapName(subject);
56
					List<Rdn> list = ldapName.getRdns();
57
					if (list != null) {
58
						for (Rdn rdn : list) {
59
							String type = rdn.getType();
60
							if (subjectDnAttribute.equalsIgnoreCase(type.toString()))  {
61
								Object value = rdn.getValue();
62
								if (value instanceof String) {
63
									userName = (String) value;
64
									foundUserName = true;									
65
									if (logger.isDebugEnabled()) {
66
										logger.debug("Success to retreive userName [" + userName + "].");
67
									}
68
									break;
69
								}		
70
							}
71
						}
72
					}					
73
				} catch (InvalidNameException e) {					
74
					logger.info("subject [" + subject + "] is not valid name : [" + e.getMessage() + "].");
75
				}
76
				if (!foundUserName) {
77
					logger.info("subject [" + subject + "] does not contain the required attribute [" + subjectDnAttributeConfiguration + "]. Return the whole subject.");
78
					userName = subject;
79
				}					
80
			}
81
			
82
		}
83
			
84
		if (logger.isDebugEnabled()) {
85
			logger.debug("getUserName(X509Certificate) - end; Ret is [" + userName + "].");
86
		}
87
        return userName;
88
    }
89
90
    private void setSubjectDnAttribute(String subjectDnAttributeConfiguration) {
91
		if (logger.isDebugEnabled()) {
92
			logger.debug("setSubjectDnAttribute(String) - start; subjectDnAttribute [" +  subjectDnAttributeConfiguration + "].");
93
		}
94
		this.subjectDnAttributeConfiguration = subjectDnAttributeConfiguration;
95
		subjectDnAttribute = mapSubjectDnAttribute(subjectDnAttributeConfiguration);
96
		if (logger.isDebugEnabled()) {
97
			logger.debug("setSubjectDnAttribute(String) - end; subjectDnAttribute [" +  subjectDnAttribute + "]; subjectDnAttributeConfiguration [" +  subjectDnAttributeConfiguration + "]");
98
		}
99
    }
100
    
101
    
102
103
	private String  mapSubjectDnAttribute(String subjectDnAttributeConfiguration) {
104
		String ret = null;
105
		if (subjectDnAttributeConfiguration != null) {
106
			if (ClientCertificateConstants.EmailOptions.contains(subjectDnAttributeConfiguration.toLowerCase()))  {
107
				ret = ClientCertificateConstants.EMAIL_SUBJECT_ATTR;				
108
			} else {
109
				ret = subjectDnAttributeConfiguration;
110
			}
111
		}
112
		return ret;
113
	}
114
115
	protected String getSubjectDN(X509Certificate clientCert) {
116
		if (logger.isDebugEnabled()) {
117
			logger.debug("getSubjectDN(X509Certificate) - start");
118
		}
119
		String subject = null;
120
		if (clientCert != null) {
121
			if ((clientCert.getSubjectDN()!= null) 
122
					&& (clientCert.getSubjectDN().getName() != null)) {
123
					subject = clientCert.getSubjectDN().getName();
124
			}  else {
125
				if (logger.isDebugEnabled()) {
126
					logger.debug("Can not getSubjectDN, SubjectDN is null");
127
				}
128
			}
129
		} else {
130
			if (logger.isDebugEnabled()) {
131
				logger.debug("Can not getSubjectDN, clientCert is null");
132
			}
133
		}			
134
		if (logger.isDebugEnabled()) {
135
			logger.debug("getSubjectDN(X509Certificate) - end; Ret is [" + subject + "].");
136
		}
137
        return subject;
138
        
139
	}
140
}
(-)org/apache/catalina/realm/ClientCertificateConstants.java (+60 lines)
Line 0 Link Here
1
/**
2
 * @author Michael Furman
3
 */
4
package org.apache.catalina.realm;
5
6
import java.util.Arrays;
7
import java.util.List;
8
9
public class ClientCertificateConstants {
10
	
11
12
	public enum UserNameRetrieveField {
13
		SubjectDN, SubjectAlternativeName;		
14
		public boolean equals(final String str) {
15
			return name().equals(str);
16
		}
17
	}	
18
19
	
20
	public static final String EMAIL_SUBJECT_ATTR = "emailAddress";
21
22
		
23
	public enum SubjectAlternativeNameGeneralNames {
24
		
25
		otherName, // byte arrays containing the ASN.1 DER encoded form 
26
		rfc822Name, // String
27
		dNSName, // String
28
		x400Address, // byte arrays containing the ASN.1 DER encoded form 
29
		directoryName, // String: RFC 2253 string format
30
		ediPartyName, // byte arrays containing the ASN.1 DER encoded form 
31
		uniformResourceIdentifier, // String
32
		iPAddress, // String: IPv4 address - dotted quad notation, IPv6 address - form "a1:a2:...:a8"
33
		registeredID;
34
		
35
		public boolean equals(final String str) {
36
			return name().equals(str);
37
		}
38
		
39
		public boolean equalsIgnoreCase(final String str) {
40
			return name().equalsIgnoreCase(str);
41
		}
42
	}
43
	
44
	// !!! important - set value only in lower case !!!
45
	
46
	// SubjectDN
47
	public static final List<String> EmailOptions = Arrays.asList(EMAIL_SUBJECT_ATTR.toLowerCase(), "e") ;
48
49
	// Subject Alternative Name
50
	public static final List<String> OtherNameOptions = Arrays.asList("other name", "principalname", "principal name", "microsoft principal name") ;
51
	public static final List<String> RFC822NameOptions = Arrays.asList("rfc822 name", "rfc822name", "emailaddress", "email address", "e-mail address", "e-mailaddress") ;
52
	public static final List<String> DNSNameOptions = Arrays.asList("dns name", "dnsname") ;
53
	// x400Address - empty
54
	public static final List<String> DirectoryNameOptions = Arrays.asList("directory address", "directory address", "x500 name", "x500name", "x.500 name", "x.500name") ;
55
	// ediPartyName - empty
56
	public static final List<String> UriOptions = Arrays.asList("url", "uri") ;
57
	public static final List<String> IPAddressOptions = Arrays.asList("ip address", "ipaddress");
58
	public static final List<String> RegisteredIDOptions = Arrays.asList("registered id", "registeredid","registered oid", "registeredoid");
59
60
}
(-)org/apache/catalina/realm/SubjectAlternativeNameRetriever.java (+202 lines)
Line 0 Link Here
1
/**
2
 * @author Michael Furman
3
 */
4
package org.apache.catalina.realm;
5
6
import java.io.ByteArrayInputStream;
7
import java.security.cert.CertificateParsingException;
8
import java.security.cert.X509Certificate;
9
import java.util.Collection;
10
import java.util.Iterator;
11
import java.util.List;
12
13
import org.apache.juli.logging.Log;
14
import org.apache.juli.logging.LogFactory;
15
16
import org.bouncycastle.asn1.ASN1InputStream;
17
import org.bouncycastle.asn1.ASN1Sequence;
18
import org.bouncycastle.asn1.ASN1TaggedObject;
19
import org.bouncycastle.asn1.DERObject;
20
import org.bouncycastle.asn1.DERUTF8String;
21
22
23
public class SubjectAlternativeNameRetriever extends SubjectDnRetriever {
24
	private static final int NOT_EXISTING_TYPE = -1;
25
26
27
	/**
28
	 * Logger for this class
29
	 */
30
	protected final Log logger = LogFactory.getLog(getClass());
31
	
32
	
33
	private String alternativeNameConfiguration = null; 
34
   
35
	private int alternativeNameTypeValue = NOT_EXISTING_TYPE; 
36
37
    protected SubjectAlternativeNameRetriever(String alternativeNameConfiguration) {
38
        setSubjectAlternativeNameGeneralName(alternativeNameConfiguration);
39
    }
40
41
    
42
    
43
    @SuppressWarnings("unchecked")
44
	public String getUserName(X509Certificate clientCert) {
45
		if (logger.isDebugEnabled()) {
46
			logger.debug("getUserName(X509Certificate) - start");
47
		}
48
49
		String userName = null;
50
		if (clientCert != null) {
51
			boolean foundUserName = false;
52
			if (alternativeNameTypeValue != NOT_EXISTING_TYPE) {
53
				try {
54
					if (clientCert.getSubjectAlternativeNames() != null) {
55
						Collection subjectAlternativeNames = clientCert.getSubjectAlternativeNames();
56
						Iterator iter = subjectAlternativeNames.iterator();
57
						while (iter.hasNext()) {
58
							List subjectAlternativeName = (List) iter.next();
59
							Integer type = (Integer) subjectAlternativeName.get(0);
60
							if (type.intValue() == alternativeNameTypeValue) {
61
								Object subjectAlternativeNameValue = subjectAlternativeName.get(1);
62
								if (subjectAlternativeNameValue instanceof String) {
63
									userName = (String) subjectAlternativeNameValue;
64
									foundUserName = true;					
65
									break;
66
								} else if (subjectAlternativeNameValue instanceof byte[]) {
67
									byte[] subjectAlternativeNameValueBytes = (byte[]) subjectAlternativeNameValue;
68
									userName = getStringFromASNDerEncodedByteArray(subjectAlternativeNameValueBytes);
69
									if (userName != null) {
70
										foundUserName = true;
71
										break;
72
									}
73
								} else {
74
									if (logger.isInfoEnabled()) {
75
										logger.info("Can not get UserName, the subjectAlternativeName not supported [" + subjectAlternativeNameValue + "].");
76
									}
77
								}
78
							}
79
						}
80
					}
81
				} catch (CertificateParsingException e) {
82
					logger.info("Can not get UserName, can not get subjectAlternativeNames from certificate [" + e.getMessage() + "].");
83
				}				
84
85
				
86
			} else {
87
				if (logger.isDebugEnabled()) {
88
					logger.debug("Can not get UserName, generalName is null");
89
				}
90
			}
91
			if (!foundUserName) {
92
				logger.info("Can not found userName as part of subjectAlternativeName [" + alternativeNameConfiguration + "]. Return the whole subject.");
93
				userName = getSubjectDN(clientCert);
94
			}					
95
96
		} else {
97
			if (logger.isDebugEnabled()) {
98
				logger.debug("Can not get UserName, clientCert is null");
99
			}
100
		}
101
		if (logger.isDebugEnabled()) {
102
			logger.debug("getUserName(X509Certificate) - end; Ret is [" + userName + "].");
103
		}
104
105
		return userName;
106
	}
107
108
109
110
	
111
112
    private void setSubjectAlternativeNameGeneralName(String alternativeNameConfiguration) {
113
		if (logger.isDebugEnabled()) {
114
			logger.debug("setSubjectAlternativeNameGeneralName(String) - start; alternativeName [" +  alternativeNameConfiguration + "].");
115
		}
116
		this.alternativeNameConfiguration = null;
117
		alternativeNameTypeValue = NOT_EXISTING_TYPE;
118
		
119
		if (alternativeNameConfiguration != null) {
120
			this.alternativeNameConfiguration = alternativeNameConfiguration;
121
			String alternativeNameConfigurationLowerCase = alternativeNameConfiguration.toLowerCase();
122
			if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.otherName.equalsIgnoreCase (alternativeNameConfiguration)) 
123
					|| (ClientCertificateConstants.OtherNameOptions.contains(alternativeNameConfigurationLowerCase))) {
124
				alternativeNameTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.otherName.ordinal();				
125
			} else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.rfc822Name.equalsIgnoreCase (alternativeNameConfiguration)) 
126
					|| (ClientCertificateConstants.RFC822NameOptions.contains(alternativeNameConfigurationLowerCase))) {
127
				alternativeNameTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.rfc822Name.ordinal();				
128
			} else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.dNSName.equalsIgnoreCase (alternativeNameConfiguration)) 
129
					|| (ClientCertificateConstants.DNSNameOptions.contains(alternativeNameConfigurationLowerCase))) {
130
				alternativeNameTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.dNSName.ordinal();				
131
			} else if (ClientCertificateConstants.SubjectAlternativeNameGeneralNames.x400Address.equalsIgnoreCase (alternativeNameConfiguration)) {
132
				alternativeNameTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.x400Address.ordinal();				
133
			} else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.directoryName.equalsIgnoreCase (alternativeNameConfiguration)) 
134
					|| (ClientCertificateConstants.DirectoryNameOptions.contains(alternativeNameConfigurationLowerCase))) {
135
				alternativeNameTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.directoryName.ordinal();				
136
			} else if (ClientCertificateConstants.SubjectAlternativeNameGeneralNames.ediPartyName.equalsIgnoreCase (alternativeNameConfiguration)) {
137
				alternativeNameTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.ediPartyName.ordinal();				
138
			} else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.uniformResourceIdentifier.equalsIgnoreCase (alternativeNameConfiguration)) 
139
					|| (ClientCertificateConstants.UriOptions.contains(alternativeNameConfigurationLowerCase))) {				
140
				alternativeNameTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.uniformResourceIdentifier.ordinal();				
141
			} else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.iPAddress.equalsIgnoreCase (alternativeNameConfiguration)) 
142
					|| (ClientCertificateConstants.IPAddressOptions.contains(alternativeNameConfigurationLowerCase))) {					
143
				alternativeNameTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.iPAddress.ordinal();				
144
			} else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.registeredID.equalsIgnoreCase (alternativeNameConfiguration)) 
145
				|| (ClientCertificateConstants.RegisteredIDOptions.contains(alternativeNameConfigurationLowerCase))) {									
146
				alternativeNameTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.registeredID.ordinal();				
147
			} else {
148
				try {
149
					alternativeNameTypeValue = (new Integer(alternativeNameConfiguration)).intValue();
150
				}catch (NumberFormatException e) {
151
					alternativeNameTypeValue = NOT_EXISTING_TYPE;
152
				}
153
			}
154
		
155
		}
156
		if (logger.isDebugEnabled()) {
157
			logger.debug("setSubjectAlternativeNameGeneralName(String) - end; alternativeName [" +  alternativeNameConfiguration + "], alternativeNameType [" +  alternativeNameTypeValue + "].");
158
		}
159
    }
160
161
162
	private String getStringFromASNDerEncodedByteArray(byte[] byteArray) {
163
		if (logger.isDebugEnabled()) {
164
			logger.debug("getStringFromASNDerEncodedByteArray(byte[]) - start");
165
		}
166
167
		String ret = null;
168
		try {	
169
			ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(byteArray));
170
			DERObject derObject = asn1InputStream.readObject();
171
			ASN1Sequence asn1Sequence = ASN1Sequence.getInstance(derObject);
172
			Object objectValue = asn1Sequence.getObjectAt(1);
173
			if (objectValue instanceof ASN1TaggedObject) {
174
				ASN1TaggedObject asn1TaggedObject = (ASN1TaggedObject) objectValue;
175
				try {
176
					if (logger.isDebugEnabled()) {
177
						logger.debug("Try to get string from DERUTF8String.");
178
					}
179
					DERObject derTaggedObject = asn1TaggedObject.getObject();
180
					DERUTF8String derUtf8String = DERUTF8String.getInstance(derTaggedObject);
181
					ret = derUtf8String.getString();
182
				} catch (IllegalArgumentException e) {
183
					if (logger.isDebugEnabled()) {
184
						logger.debug("Can not get String From DERUTF8String, [" + e.getMessage() + "].");
185
					}
186
				}				
187
			}
188
		} catch (Exception e) {
189
			if (logger.isInfoEnabled()) {
190
				logger.info("Can not get String From ASNDerEncoded ByteArray, [" + e.getMessage() + "].");
191
			}
192
		}
193
194
		if (logger.isDebugEnabled()) {
195
			logger.debug("getStringFromASNDerEncodedByteArray(byte[]) - end. Ret is [" + ret + "].");
196
		}
197
		return ret;
198
199
	}
200
	
201
202
}
(-)org/apache/catalina/realm/RealmBase.java (-1 / +82 lines)
Lines 49-54 Link Here
49
import org.apache.catalina.deploy.SecurityCollection;
49
import org.apache.catalina.deploy.SecurityCollection;
50
import org.apache.catalina.deploy.SecurityConstraint;
50
import org.apache.catalina.deploy.SecurityConstraint;
51
import org.apache.catalina.mbeans.MBeanUtils;
51
import org.apache.catalina.mbeans.MBeanUtils;
52
import org.apache.catalina.realm.ClientCertificateConstants.UserNameRetrieveField;
52
import org.apache.catalina.util.LifecycleMBeanBase;
53
import org.apache.catalina.util.LifecycleMBeanBase;
53
import org.apache.catalina.util.MD5Encoder;
54
import org.apache.catalina.util.MD5Encoder;
54
import org.apache.juli.logging.Log;
55
import org.apache.juli.logging.Log;
Lines 153-158 Link Here
153
    protected boolean stripRealmForGss = true;
154
    protected boolean stripRealmForGss = true;
154
155
155
156
157
    private UserNameRetriever userNameRetriever = null;
158
    
159
	private String x509UserNameRetrieveField = null;
160
	
161
	private String x509UserNameRetrieveFieldPart = null;
162
    
163
	private String x509UserNameRetrieverClassName;
164
    
156
    // ------------------------------------------------------------- Properties
165
    // ------------------------------------------------------------- Properties
157
166
158
167
Lines 1194-1200 Link Here
1194
     * Return the Principal associated with the given certificate.
1203
     * Return the Principal associated with the given certificate.
1195
     */
1204
     */
1196
    protected Principal getPrincipal(X509Certificate usercert) {
1205
    protected Principal getPrincipal(X509Certificate usercert) {
1197
        return(getPrincipal(usercert.getSubjectDN().getName()));
1206
		createUserNameRetriever();
1207
		String userName = userNameRetriever.getUserName(usercert);
1208
1209
		if (log.isDebugEnabled())
1210
            log.debug("Get principal for [" + userName + "]");		
1211
        return(getPrincipal(userName));
1198
    }
1212
    }
1199
1213
1200
1214
Lines 1393-1397 Link Here
1393
            return name;
1407
            return name;
1394
        }
1408
        }
1395
    }
1409
    }
1410
    
1411
	public void setX509UserNameRetrieveFieldPart(String userNameRetrieveFieldPart) {
1412
		this.x509UserNameRetrieveFieldPart = userNameRetrieveFieldPart;
1396
1413
1414
	}
1415
1416
	public void setX509UserNameRetrieveField(String userNameRetrieveField) {
1417
		this.x509UserNameRetrieveField = userNameRetrieveField;	
1418
	}
1419
1420
	public void setX509UserNameRetrieverClassName(String className) {
1421
		 this.x509UserNameRetrieverClassName = className;
1422
	}
1423
	private void createUserNameRetriever() {
1424
		
1425
		if (userNameRetriever == null) {
1426
			boolean created = createUserNameRetrieverFromClassName();				
1427
			if (!created) {
1428
				if (UserNameRetrieveField.SubjectDN.equals(x509UserNameRetrieveField)) {
1429
					if (x509UserNameRetrieveFieldPart == null) {
1430
					     userNameRetriever = new SubjectDnRetriever();		    			
1431
					} else {
1432
						userNameRetriever = new SubjectDnRetriever(x509UserNameRetrieveFieldPart);
1433
					}			
1434
				} else if (UserNameRetrieveField.SubjectAlternativeName.equals(x509UserNameRetrieveField)) {						
1435
					if (x509UserNameRetrieveFieldPart == null) {
1436
						userNameRetriever = new SubjectDnRetriever();				
1437
						String warnString = "Can not create userNameRetriever : userNameRetrieveFieldPart is null when userNameRetrieveField is [" + x509UserNameRetrieveField + "]. userNameRetriever is created for SubjectDn field.";
1438
						log.warn(warnString);				
1439
					} else {
1440
						userNameRetriever = new SubjectAlternativeNameRetriever(x509UserNameRetrieveFieldPart);
1441
					}
1442
				} else {
1443
					userNameRetriever = new SubjectDnRetriever();
1444
				}
1445
			}
1446
		}
1447
	}
1448
	
1449
	@SuppressWarnings("unchecked")
1450
	private boolean createUserNameRetrieverFromClassName() {
1451
1452
		boolean created = false;
1453
		if ((x509UserNameRetrieverClassName != null) && (x509UserNameRetrieverClassName != "")) {
1454
			Class<? extends UserNameRetriever> x509UserNameRetrieverClass = null;
1455
			try {
1456
				x509UserNameRetrieverClass = (Class<? extends UserNameRetriever>) Class.forName(x509UserNameRetrieverClassName);
1457
				userNameRetriever = x509UserNameRetrieverClass.newInstance(); 
1458
				created = true;
1459
			} catch (ClassCastException e) {
1460
				String warnString = "Class [" + x509UserNameRetrieverClassName + "] is not instance of  [" + UserNameRetriever.class.getSimpleName() + "].";  
1461
				log.warn(warnString);
1462
			} catch (ClassNotFoundException e) {
1463
				String warnString = "Class [" + x509UserNameRetrieverClassName + "] was not found.";  
1464
				log.warn(warnString, e);
1465
			} catch (InstantiationException e) {
1466
				String warnString = "Cannot instantiate class [" + x509UserNameRetrieverClassName + "].";  
1467
				log.warn(warnString);
1468
			} catch (IllegalAccessException e) {
1469
				String warnString = "Cannot instantiate class [" + x509UserNameRetrieverClassName + "].";  
1470
				log.warn(warnString);
1471
			}
1472
			
1473
		}
1474
		return created;
1475
	}
1476
    
1477
1397
}
1478
}

Return to bug 52500