Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/06/05 14:37:25 UTC
DO NOT REPLY [Bug 7831] -
[PATCH] JNDIRealm does not work with CLIENT-CERT auth method
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7831
------- Additional Comments From marek.mosiewicz@jotel.com.pl 2003-06-05 12:37 -------
CLIENT-CERT authentication is done via the SSLAuthenticator class, which
executes the RealmBase.authenticate(X509Certificate[] certs) method.
This method uses the getPrincipal(String username) method to return the principal for
the given username. If this returns null, SSLAuthenticator refuses to authenticate the user.
For SSLAuthenticator it is only important to check that the user exists in the realm and
to find the roles, because AUTHENTICATION is done by SSLAuthenticator (checking the validity
of the certificate).
This is my implementation of JDBCRealm.getPrincipal, which works:
(If you want to consult on this patch, please mail me)
    /**
     * Return the Principal associated with the given user name.
     * This method is used in RealmBase.authenticate(X509Certificate[] creds),
     * which is then used by SSLAuthenticator to authenticate
     * a client with the CLIENT-CERT method.
     * Absence of this method (returning null) makes CLIENT-CERT authorization
     * impossible.
     *
     * @author Marek Mosiewicz <ma...@jotel.com.pl>
     */
    protected Principal getPrincipal(String username) {
        Connection dbConnection = null;
        try {
            // Ensure that we have an open database connection
            dbConnection = open();

            // Look the user up; the stored credentials serve only as proof
            // that the user exists in the realm (no password is compared here)
            String dbCredentials = null;
            PreparedStatement stmt = credentials(dbConnection, username);
            ResultSet rs = stmt.executeQuery();
            while (rs.next()) {
                dbCredentials = rs.getString(1).trim();
            }
            rs.close();
            if (dbCredentials == null) {
                // Unknown user: end the transaction and release the
                // connection before returning, as on the success path
                dbConnection.commit();
                release(dbConnection);
                return (null);
            }

            // Accumulate the user's roles
            ArrayList list = new ArrayList();
            stmt = roles(dbConnection, username);
            rs = stmt.executeQuery();
            while (rs.next()) {
                list.add(rs.getString(1).trim());
            }
            rs.close();
            dbConnection.commit();

            // Release the database connection we just used
            release(dbConnection);

            // Create and return a suitable Principal for this user
            return (new GenericPrincipal(this, username, null, list));
        } catch (SQLException e) {
            // Log the problem for posterity
            log(sm.getString("jdbcRealm.exception"), e);

            // Close the connection so that it gets reopened next time
            if (dbConnection != null)
                close(dbConnection);

            // Return "null" principal
            return (null);
        }
    }