You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Chris <ch...@kynth.com> on 2011/08/08 16:12:37 UTC

X.509 support

How did development of the X.509 support go?

Is there any out of the box support for X.509?

I have a use case which requires allowing access to part of a webapp via
forms authentication for users and restricting access to X.509 certificates
to other parts of the webapp for administrators.

A shiro.ini pattern match for useage would be ideal :)

e.g.


> [urls]
> /*           = ssl, authc
> /admin/* = ssl, x509, authc
> 

Perfection would be a login form, supplemented by a certificate, transmitted
over ssl.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/X-509-support-tp6664434p6664434.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: X.509 support

Posted by Mária Jurčovičová <m....@gmail.com>.

Hi,

I believe this is related bug
https://issues.apache.org/jira/browse/SHIRO-24, maybe it will help
you. There is a patch attached.

Also, I played with something similar for my blog a while ago:
http://meri-stuff.blogspot.com/2011/04/apache-shiro-part-2-realms-database-and.html,
hopefully you will find something useful in there.

Good luck,
Meri

On Tue, Aug 9, 2011 at 1:17 AM, Les Hazlewood <lh...@apache.org> wrote:

> I'm assuming you mean SSL client authentication?  I believe someone
> had a simple filter that facilitated this, but I can't remember
> where/how it was used...
>
> On Mon, Aug 8, 2011 at 7:12 AM, Chris <ch...@kynth.com> wrote:
> > How did development of the X.509 support go?
> >
> > Is there any out of the box support for X.509?
> >
> > I have a use case which requires allowing access to part of a webapp via
> > forms authentication for users and restricting access to X.509
> certificates
> > to other parts of the webapp for administrators.
> >
> > A shiro.ini pattern match for useage would be ideal :)
> >
> > e.g.
> >
> >
> >> [urls]
> >> /*           = ssl, authc
> >> /admin/* = ssl, x509, authc
> >>
> >
> > Perfection would be a login form, supplemented by a certificate,
> transmitted
> > over ssl.
> >
> > --
> > View this message in context:
> http://shiro-user.582556.n2.nabble.com/X-509-support-tp6664434p6664434.html
> > Sent from the Shiro User mailing list archive at Nabble.com.
>

Re: X.509 support

Posted by Les Hazlewood <lh...@apache.org>.

I'm assuming you mean SSL client authentication?  I believe someone
had a simple filter that facilitated this, but I can't remember
where/how it was used...

On Mon, Aug 8, 2011 at 7:12 AM, Chris <ch...@kynth.com> wrote:
> How did development of the X.509 support go?
>
> Is there any out of the box support for X.509?
>
> I have a use case which requires allowing access to part of a webapp via
> forms authentication for users and restricting access to X.509 certificates
> to other parts of the webapp for administrators.
>
> A shiro.ini pattern match for useage would be ideal :)
>
> e.g.
>
>
>> [urls]
>> /*           = ssl, authc
>> /admin/* = ssl, x509, authc
>>
>
> Perfection would be a login form, supplemented by a certificate, transmitted
> over ssl.
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/X-509-support-tp6664434p6664434.html
> Sent from the Shiro User mailing list archive at Nabble.com.