Lines 79-85
|
79 |
<p>Java class name of the implementation to use. This class must |
79 |
<p>Java class name of the implementation to use. This class must |
80 |
implement the <code>org.apache.catalina.Realm</code> interface.</p> |
80 |
implement the <code>org.apache.catalina.Realm</code> interface.</p> |
81 |
</attribute> |
81 |
</attribute> |
|
|
82 |
|
83 |
|
84 |
<attribute name="x509UserNameRetrieverConfiguration" required="false"> |
85 |
<p>The value is used to configure how to get the user name during the client certificate authentication. |
86 |
The user name is the unique part of information from the client certificate that used to identify the identity of the user. |
87 |
The Subject field (also called Subject Distinguish Name or SubjectDN) identifies the entity associated with the public key. |
88 |
The Subject field contains the following relevant attributes (it can also contain other attributes). |
89 |
</p> |
90 |
<p> |
91 |
<table> |
92 |
<tr><th>Subject Attribute</th><th>Subject Attribute Description</th><th>Example</th></tr> |
93 |
<tr><td>CN</td><td>Common Name</td><td>CN=Bob BobFamily</td></tr> |
94 |
<tr><td>emailAddress</td><td>Email Address</td><td>emailAddress=bob@example.com</td></tr> |
95 |
<tr><td>C</td><td>Country Name</td><td>C=US</td></tr> |
96 |
<tr><td>ST</td><td>State or Province Name</td><td>ST=NY</td></tr> |
97 |
<tr><td>L</td><td>Locality Name</td><td>L=New York</td></tr> |
98 |
<tr><td>O</td><td>Organization Name</td><td>O=Work Organization</td></tr> |
99 |
<tr><td>OU</td><td>Organizational Unit Name</td><td>OU=Managers</td></tr> |
100 |
</table> |
101 |
</p> |
102 |
<p> |
103 |
To retrieve the user name from the subject, you can use the entire SubjectDN field or the SubjectDN attribute. |
104 |
To retrieve the user name from entire SubjectDN field leave the value empty. |
105 |
To retrieve the user name from the SubjectDN attribute, please provide the retrieve attribute name. |
106 |
The the retrieve attribute name is a code letter based on a legend defined in the certificate itself. |
107 |
</p> |
82 |
|
108 |
|
|
|
109 |
<p> |
110 |
For example, the Email attribute is used to hold the User Name. |
111 |
Please provide "e" or "emailAddress" for the constructor. |
112 |
</p> |
113 |
|
114 |
<p> |
115 |
For example, the Common Name attribute is used to hold the User Name. |
116 |
Please provide "CN" for the constructor.</p> |
117 |
|
118 |
|
119 |
</attribute> |
120 |
|
121 |
<attribute name="x509UserNameRetrieverClassName" required="false"> |
122 |
<p>The Java class name that is used to override the default X509UserNameRetriever. |
123 |
The X509UserNameRetriever is used to get the user name during the client certificate authentication. |
124 |
If the value is provided a realm will create X509UserNameRetriever from the provided class. |
125 |
This class must implement the <code>org.apache.catalina.realm.X509UserNameRetriever</code> interface.</p> |
126 |
</attribute> |
127 |
|
83 |
</attributes> |
128 |
</attributes> |
84 |
|
129 |
|
85 |
</subsection> |
130 |
</subsection> |
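Review bot: In the x509UserNameRetrieverConfiguration description, both examples tell the reader to provide "e", "emailAddress" or "CN" "for the constructor", but a reader of this page sets an attribute on the Realm element, so the text should say to set the attribute value to that name. The same block does not say what the realm does when the chosen attribute is missing from the Subject or occurs more than once. Its sentence "a code letter based on a legend defined in the certificate itself" also does not tell the reader which names are accepted. Since the description calls the user name "the unique part of information" that identifies the user, please list the accepted attribute names and state the behaviour for a missing or repeated attribute, so an administrator can predict which user name a given certificate maps to. Smaller points in the added lines: "The the retrieve attribute name", "Subject Distinguish Name" (should be "Distinguished"), "that used to identify" (missing "is"), and the <table> is nested inside a <p>, which should be closed before the table opens.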