You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2007/01/19 03:33:49 UTC
DO NOT REPLY [Bug 41407] New: - CLIENT-CERT Authentication with JAASRealm not working
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41407>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41407
Summary: CLIENT-CERT Authentication with JAASRealm not working
Product: Tomcat 5
Version: 5.5.20
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: tears.the@gmail.com
I tried to config my webapp to authenticate user by CLIENT-CERT auth method.
I verified my JAAS LoginModule by using "BASIC" to auth method and successfully
authenticated user login.
After studying Tomcat 5.5.20 source, I found that the problem is caused by the
RealmBase.java and JAASRealm.java.
if CLIENT-CERT auth method is used, SSLAuthenticator will call the :
JAASRealm.authenticate(X509Certificate certs[])
As JAASRealm didn't override authenticate(X509Certificate certs[]), RealmBase's
authenticate will be used and it will only validate the certs and then call
getPrincipal(X509Certificate) and then getPrincipal(String) is being called to
get the Principal. However, in JAASRealm, this function always return null.
That means Tomcat can't use JAASRealm with CLIENT-CERT auth method.
Thanks
Butler
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 41407] - CLIENT-CERT Authentication with JAASRealm not working
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41407>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41407
rm@moosauer.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rm@moosauer.de
------- Additional Comments From rm@moosauer.de 2007-01-19 05:37 -------
You try to do authorization with client certs?
I'm afraid this is not implemented tomcat's JAASRealm.
I am sure it is possible to create an extended JAASRealm2 which is
able to provide full JAAS functionality with client certs also.
The way to do it could be:
1. Implement authenticate(X509Certificate certs[]) just like
the user/pwd-authenticate in JAASrealm.
2. Add an appropriate CallbackHandler for the cert chain
to pass the certificates to the custom LoginModule.
The custom authorization stuff has to go to the LoginModule
so the new JAASRealm2 should be finished.
Please let me know if you plan to implement it.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org