| Summary: | CLIENT-CERT Authentication with JAASRealm not working | | |
|---|---|---|---|
| Product: | Tomcat 5 | Reporter: | Butler <tears.the> |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | rm |
| Priority: | P2 | | |
| Version: | 5.5.20 | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | All | | |

Description
Butler
2007-01-18 18:33:49 UTC
You try to do authorization with client certs? I'm afraid this is not implemented in Tomcat's JAASRealm. I am sure it is possible to create an extended JAASRealm2 which is able to provide full JAAS functionality with client certs also. The way to do it could be:

1. Implement authenticate(X509Certificate certs[]) just like the user/pwd-authenticate in JAASRealm.
2. Add an appropriate CallbackHandler for the cert chain to pass the certificates to the custom LoginModule.

The custom authorization stuff has to go to the LoginModule so the new JAASRealm2 should be finished. Please let me know if you plan to implement it.

This has been fixed in trunk and proposed for 5.5.x and 6.0.x.

This has been committed for 6.0.x and will be in 6.0.19 onwards.

This has been fixed in 5.5.x and will be included in 5.5.28 onwards.
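
The two steps suggested in the first comment above, sketched as an added example; this is not Tomcat's code and not the fix that was committed for this bug. `CertChainCallback`, `CertChainCallbackHandler` and `CertChainLoginModule` are hypothetical names, and the sketch assumes the TLS connector has already validated the chain against its trust store.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical callback: the slot through which the realm hands over the chain.
class CertChainCallback implements Callback { X509Certificate[] chain; }

// Hypothetical handler. A realm's authenticate(X509Certificate[] certs) would run
// new LoginContext(appName, new CertChainCallbackHandler(certs)).login().
class CertChainCallbackHandler implements CallbackHandler {
    private final X509Certificate[] chain;
    CertChainCallbackHandler(X509Certificate[] chain) {
        this.chain = chain == null ? new X509Certificate[0] : chain.clone();
    }
    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof CertChainCallback)) throw new UnsupportedCallbackException(cb);
            ((CertChainCallback) cb).chain = chain.clone();
        }
    }
}

// Hypothetical LoginModule: fails closed when no usable certificate is supplied.
public class CertChainLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private X509Certificate leaf;   // set only after a successful login()
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        CertChainCallback cb = new CertChainCallback();
        try {
            handler.handle(new Callback[] { cb });
            if (cb.chain == null || cb.chain.length == 0) throw new FailedLoginException("no client certificate");
            cb.chain[0].checkValidity();   // reject an expired or not-yet-valid leaf
        } catch (IOException | UnsupportedCallbackException | CertificateException e) {
            throw new FailedLoginException("certificate login failed: " + e.getMessage());
        }
        leaf = cb.chain[0];   // custom authorization on the subject DN would go here
        return true;
    }
    public boolean commit() {
        if (leaf == null) return false;   // login() did not succeed for this module
        return subject.getPrincipals().add(leaf.getSubjectX500Principal()) || true;
    }
    public boolean abort() { leaf = null; return true; }
    public boolean logout() {
        if (leaf != null) subject.getPrincipals().remove(leaf.getSubjectX500Principal());
        leaf = null; return true;
    }
}
```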