cxf-issues mailing list archives

From "Piotr Klimczak (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-5909) TLS Authenticated Handshake and Authentication/Authorization with JAAS by TLS Certificate
Date Mon, 28 Jul 2014 10:12:38 GMT
Piotr Klimczak created CXF-5909:
-----------------------------------

             Summary: TLS Authenticated Handshake and Authentication/Authorization with JAAS by TLS Certificate
                 Key: CXF-5909
                 URL: https://issues.apache.org/jira/browse/CXF-5909
             Project: CXF
          Issue Type: New Feature
          Components: Core
            Reporter: Piotr Klimczak


Hi All!

I haven't found such functionality in CXF, so I have created it.
So if there is anybody who sees value in doing JAAS authentication with the TLS authenticated
handshake certificate, then I can prepare patches for the 3.x branch and 2.x branch.
I already got this working, but more work needs to be done (like unit tests) before submitting
a patch to the Apache Community. So I just want to be sure that my work will not be wasted.
Once I receive a patch share request, I will prepare it and submit it to JIRA.

*Some description of Authentication/Authorization functionality*
Well, when CXF is used with Mutual Authentication, the client key is verified by the servlet container
in the background. So this layer is responsible for doing some authentication. Then the certificate
seems to be wasted and the client has to use UserToken to authenticate again and let the authorization
be done in future.

So the idea is to take some information from message like:

{code}
TLSSessionInfo tlsSessionInfo = message.get(TLSSessionInfo.class);
{code}
Extract, for example, an email from the certificate, then use JAAS to do authentication and take the roles
assigned to this email to let the Authorization be done in future.
So it is quite simple.

Waiting for feedback.
Once I have received confirmation, I will prepare patches with JUnit tests.

Greetings
Piotr Klimczak



--
This message was sent by Atlassian JIRA
(v6.2#6252)
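
The flow proposed in the message above, sketched as a CXF in-interceptor. This is an added example, not the reporter's patch or CXF's own code: the class name and the "cert-email" JAAS entry are hypothetical. It assumes the container has already verified the client certificate during the handshake, as the message states, and that the login module configured under that entry accepts the name callback alone and attaches role principals.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.cxf.interceptor.security.AuthenticationException;
import org.apache.cxf.interceptor.security.DefaultSecurityContext;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.security.transport.TLSSessionInfo;
// Added sketch: the class name and the "cert-email" JAAS entry are hypothetical.
public class CertEmailJaasInterceptor extends AbstractPhaseInterceptor<Message> {
    private static final String JAAS_CONTEXT = "cert-email";
    public CertEmailJaasInterceptor() { super(Phase.UNMARSHAL); }

    @Override
    public void handleMessage(Message message) {
        TLSSessionInfo tls = message.get(TLSSessionInfo.class);
        java.security.cert.Certificate[] peer = tls == null ? null : tls.getPeerCertificates();
        // Fail closed: plain HTTP, or a TLS session without a client certificate.
        if (peer == null || peer.length == 0 || !(peer[0] instanceof X509Certificate)) {
            throw new AuthenticationException("Client certificate required");
        }
        try {
            String email = emailOf((X509Certificate) peer[0]); // peer[0] is the client's own cert
            LoginContext ctx = new LoginContext(JAAS_CONTEXT, callbacks -> {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) ((NameCallback) cb).setName(email);
                }
            });
            ctx.login(); // the login module maps the email to role principals
            message.put(SecurityContext.class, new DefaultSecurityContext(email, ctx.getSubject()));
        } catch (LoginException | CertificateParsingException e) {
            throw new AuthenticationException("Certificate login failed");
        }
    }
    // Reads the email from the subjectAltName rfc822Name entry (GeneralName type 1).
    static String emailOf(X509Certificate cert) throws CertificateParsingException {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null if no SAN extension
        if (sans == null) throw new CertificateParsingException("No subjectAltName");
        for (List<?> san : sans) {
            if (Integer.valueOf(1).equals(san.get(0))) return (String) san.get(1);
        }
        throw new CertificateParsingException("No email in subjectAltName");
    }
}
```

Because the security context is set in the UNMARSHAL phase, role checks that run later in the chain see the roles from the JAAS subject, and a request without a usable certificate is rejected before any service code runs.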
