Posted to users@tomcat.apache.org by "Bud P. Bruegger" <bu...@comune.grosseto.it> on 2003/10/09 09:15:02 UTC

CLIENT-CERT and custom username?

hello everyone,

looked for this all over but couldn't find an answer...

So I would like to ask a question about the auth-method CLIENT-CERT.  It 
seems that the username resulting from an authentication is the CN 
component of the subject's DN (as it appears in the client 
certificate).  Is there any way to use a custom function that returns a 
username based on the DN?  Or is it possible to use a custom function to 
return a principal that is different from the username?

many thanks for any help

--bud


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: CLIENT-CERT and custom username?

Posted by Bill Barker <wb...@wilshire.com>.
"Bud P. Bruegger" <bu...@comune.grosseto.it> wrote in message
news:5.2.1.1.0.20031009091349.03325e18@mail.comune.grosseto.it...
> hello everyone,
>
> looked for this all over but couldn't find an answer...
>
> So I would like to ask a question about the auth-method CLIENT-CERT.  It
> seems that the username resulting from an authentication is the CN
> component of the subject's DN (as it appears in the client
> certificate).  Is there any way to use a custom function that returns a
> username based on the DN?  Or is it possible to use a custom function to
> return a principal that is different from the username?
>

Not with Tomcat out of the box (but patches are always welcome :).  You
could do it with a custom Realm however.  Just extend your favorite Tomcat
Realm, and override the:
  Principal getPrincipal(String)
method.  The String argument is the DN from the user's cert.  It can return
any Principal that it wants.  However, if it doesn't extend Tomcat's
GenericPrincipal then you also need to override the 'hasRole' method.

> many thanks for any help
>
> --bud
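
The custom Realm approach described in the reply above, as an added example that is not part of the original thread or Tomcat's own code: it extends MemoryRealm and overrides getPrincipal(String) so the user is looked up by one attribute of the subject DN. The package, class name, the dnAttribute property and the choice of UID are assumptions, as is the realm being used only for CLIENT-CERT logins.

```java
package example.realm; // hypothetical package name

import java.security.Principal;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.apache.catalina.realm.MemoryRealm;

/** Hypothetical realm: maps the certificate subject DN to a user via one DN attribute. */
public class DnAttributeRealm extends MemoryRealm {

    // DN attribute that carries the account name; "UID" is an assumption.
    private String dnAttribute = "UID";

    public void setDnAttribute(String dnAttribute) { this.dnAttribute = dnAttribute; }
    public String getDnAttribute() { return dnAttribute; }

    /**
     * For CLIENT-CERT the argument is the subject DN taken from the client
     * certificate. Assumes this realm serves only CLIENT-CERT logins, so
     * anything that is not a usable DN is rejected rather than looked up as-is.
     */
    @Override
    protected Principal getPrincipal(String dn) {
        String username = usernameFromDn(dn, dnAttribute);
        // Returning null means "no such user", so the login is refused.
        // super returns the realm's usual principal, so hasRole needs no override.
        return username == null ? null : super.getPrincipal(username);
    }

    /** Returns the single string value of the attribute, or null if absent, repeated or malformed. */
    static String usernameFromDn(String dn, String attribute) {
        if (dn == null) return null;
        LdapName name;
        try {
            name = new LdapName(dn); // real DN parser: copes with escaped commas and quoting
        } catch (InvalidNameException e) {
            return null;             // fail closed on input that is not a well-formed DN
        }
        String found = null;
        for (Rdn rdn : name.getRdns()) {
            if (rdn.size() != 1) return null;              // refuse multi-valued RDNs
            if (!rdn.getType().equalsIgnoreCase(attribute)) continue;
            if (found != null || !(rdn.getValue() instanceof String)) return null; // repeated or binary
            found = (String) rdn.getValue();
        }
        return (found == null || found.isEmpty()) ? null : found;
    }
}
```

The user entries MemoryRealm loads must be keyed by the extracted attribute value rather than by the full DN. Parsing with LdapName instead of splitting on commas keeps a crafted value such as CN=a\,UID=admin from being read as a separate UID component.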



