Posted to dev@shiro.apache.org by "Paul Merlin (JIRA)" <ji...@apache.org> on 2010/05/24 17:20:26 UTC

[jira] Commented: (SHIRO-24) X509 Client certificate authentication

    [ https://issues.apache.org/jira/browse/SHIRO-24?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12870638#action_12870638 ] 

Paul Merlin commented on SHIRO-24:
----------------------------------

You'll find attached a svn diff with X509 support added to shiro-web.
It has been generated using plain "svn diff"; if another format is more convenient, feel free to ask me.

I implemented three CredentialMatching strategies:
- Simple
- Fingerprint
- PKIX Path

Simple credential matching strategy allows you to match on Issuer and/or Subject name using regexes while choosing on which DN format you want the match to occur (canonical, rfc1779 or rfc2253).

Fingerprint strategy performs a SHA-1 certificate matching.

PKIX Path strategy performs a full custom PKIX path validation and can be useful in a scenario with a complex security model.

Base Realm implementations to support the three strategies are included.

This submission is here mainly to get a first feedback from the community. There is no javadoc for now but a unit test demonstrates the three strategies with naïve scenarios.

WDYT?

/Paul
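
The Simple and Fingerprint strategies described in the comment above, as an added Java example that is not taken from the attached patch or from Shiro's code. The class and method names are hypothetical, and the subject DN and the byte string standing in for a certificate's DER encoding are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

// Added illustration; class and method names are hypothetical, not Shiro's API.
public class X509MatchExample {

    // "Simple" strategy: regex over the DN rendered in one chosen format
    // (X500Principal.CANONICAL, RFC1779 or RFC2253).
    // matches() requires the whole DN to match, so a pattern written for one
    // DN is not satisfied by a longer DN that merely contains it.
    static boolean dnMatches(X500Principal dn, String format, Pattern pattern) {
        return pattern.matcher(dn.getName(format)).matches();
    }

    // "Fingerprint" strategy: SHA-1 over the DER encoding, i.e. the bytes
    // returned by X509Certificate.getEncoded(), compared in constant time.
    static boolean fingerprintMatches(byte[] der, byte[] expectedSha1)
            throws NoSuchAlgorithmException {
        byte[] actual = MessageDigest.getInstance("SHA-1").digest(der);
        return MessageDigest.isEqual(actual, expectedSha1);
    }

    public static void main(String[] args) throws Exception {
        // Constructed subject DN (assumption, not from the patch).
        X500Principal subject = new X500Principal("CN=Alice, OU=Dev, O=Example, C=FR");

        // The formats differ in separators and letter case, so a pattern is
        // tied to the format it was written for. This one targets RFC 2253.
        Pattern p = Pattern.compile("CN=[^,]+,OU=Dev,O=Example,C=FR");
        for (String fmt : new String[] {
                X500Principal.RFC2253, X500Principal.RFC1779, X500Principal.CANONICAL}) {
            System.out.println(fmt + " \"" + subject.getName(fmt) + "\" -> "
                    + dnMatches(subject, fmt, p));
        }

        // Constructed stand-in for a certificate's DER bytes.
        byte[] der = "constructed-der-bytes".getBytes(StandardCharsets.US_ASCII);
        byte[] pinned = MessageDigest.getInstance("SHA-1").digest(der);
        System.out.println("same bytes     -> " + fingerprintMatches(der, pinned));
        der[0] ^= 1; // a single flipped bit must break the match
        System.out.println("modified bytes -> " + fingerprintMatches(der, pinned));
    }
}
```
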


> X509 Client certificate authentication
> --------------------------------------
>
>                 Key: SHIRO-24
>                 URL: https://issues.apache.org/jira/browse/SHIRO-24
>             Project: Shiro
>          Issue Type: New Feature
>            Reporter: Alan Cabrera
>
> Add support for X509 Authentication. Perhaps it should not be complicated when we see how the Acegi source code achieves this (http://www.acegisecurity.org/guide/springsecurity.html#x509)?
> Notice that the X509Auth is basically a validation of the client certificate, because if we reach this point, it means that the application server has successfully trusted the client certificate against its trust store.
