View | Details | Raw Unified | Return to bug 52500

(-)docs/config/realm.xml (+45 lines)
Lines 79-85 Link Here
79
        <p>Java class name of the implementation to use.  This class must
79
        <p>Java class name of the implementation to use.  This class must
80
        implement the <code>org.apache.catalina.Realm</code> interface.</p>
80
        implement the <code>org.apache.catalina.Realm</code> interface.</p>
81
      </attribute>
81
      </attribute>
82
      
83
                  
84
      <attribute name="x509UserNameRetrieverConfiguration" required="false">
85
        <p>The value is used to configure how to get the user name during the client certificate authentication. 
86
        The user name is the unique part of information from the client certificate that used to identify the identity of the user. 
87
The Subject field (also called Subject Distinguish Name or SubjectDN) identifies the entity associated with the public key.
88
The Subject field contains the following relevant attributes (it can also contain other attributes).
89
</p>
90
<p>
91
 <table>
92
    <tr><th>Subject Attribute</th><th>Subject Attribute Description</th><th>Example</th></tr>
93
    <tr><td>CN</td><td>Common Name</td><td>CN=Bob BobFamily</td></tr>
94
    <tr><td>emailAddress</td><td>Email Address</td><td>emailAddress=bob@example.com</td></tr>
95
    <tr><td>C</td><td>Country Name</td><td>C=US</td></tr>
96
    <tr><td>ST</td><td>State or Province Name</td><td>ST=NY</td></tr>
97
    <tr><td>L</td><td>Locality Name</td><td>L=New York</td></tr>
98
    <tr><td>O</td><td>Organization Name</td><td>O=Work Organization</td></tr>
99
    <tr><td>OU</td><td>Organizational Unit Name</td><td>OU=Managers</td></tr>
100
  </table>
101
</p>  
102
<p>  
103
To retrieve the user name from the subject, you can use the entire SubjectDN field or the SubjectDN attribute.
104
To retrieve the user name from entire SubjectDN field leave the value empty.
105
To retrieve the user name from the SubjectDN attribute, please provide the retrieve attribute name.
106
The the retrieve attribute name is a code letter based on a legend defined in the certificate itself.
107
</p>  
82
108
109
<p>  
110
For example, the Email attribute is used to hold the User Name.
111
Please provide "e" or "emailAddress" for the constructor.
112
</p>
113
114
<p>  
115
For example, the Common Name attribute is used to hold the User Name.
116
Please provide "CN" for the constructor.</p>
117
118
 
119
      </attribute>
120
121
      <attribute name="x509UserNameRetrieverClassName" required="false">
122
        <p>The Java class name that is used to override the default X509UserNameRetriever. 
123
        The X509UserNameRetriever is used to get the user name during the client certificate authentication.
124
        If the value is provided a realm will create X509UserNameRetriever from the provided class. 
125
        This class must implement the <code>org.apache.catalina.realm.X509UserNameRetriever</code> interface.</p>
126
      </attribute>
127
83
    </attributes>
128
    </attributes>
84
129
85
  </subsection>
130
  </subsection>
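Review bot: The x509UserNameRetrieverConfiguration text (new lines 110-116) tells the reader to provide "e", "emailAddress" or "CN" "for the constructor", but this page documents a Realm attribute, so it should say to set the attribute to that value, for example x509UserNameRetrieverConfiguration="CN". The description also leaves the security-relevant behaviour undefined: it does not say what user name results when the configured attribute is absent from the SubjectDN or occurs more than once, and it calls the user name "the unique part" of the certificate without noting that a CN or emailAddress is only unique if the trusted CAs guarantee it. New line 106 ("a code letter based on a legend defined in the certificate itself") does not tell the reader which attribute names are accepted; list them, and say whether matching is case-sensitive. Smaller fixes: "The the" on new line 106, "Subject Distinguish Name" on new line 87 should read "Distinguished", "that used to identify" on new line 86 is missing "is", the table on new lines 91-100 is nested inside a p element, and new lines 82-83 add whitespace-only lines. For x509UserNameRetrieverClassName (new lines 121-125), state whether and how the x509UserNameRetrieverConfiguration value is passed to the custom class.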
