Date: Tue, 29 Jul 2014 09:07:38 +0000 (UTC)
From: "Sergey Beryozkin (JIRA)"
To: issues@cxf.apache.org
Reply-To: dev@cxf.apache.org
Subject: [jira] [Commented] (CXF-5909) TLS Authenticated Handshake and Authentication/Authorization with JAAS by TLS Certificate

[ https://issues.apache.org/jira/browse/CXF-5909?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14077532#comment-14077532 ]

Sergey Beryozkin commented on CXF-5909:
---------------------------------------

+1. We have this issue opened: https://issues.apache.org/jira/browse/CXF-5118
Can you please resolve this JIRA as Duplicate and attach a patch to CXF-5118 for Christian and others to have a look?

Thanks, Sergey

> TLS Authenticated Handshake and Authentication/Authorization with JAAS by TLS Certificate
> -----------------------------------------------------------------------------------------
>
>                 Key: CXF-5909
>                 URL: https://issues.apache.org/jira/browse/CXF-5909
>             Project: CXF
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Piotr Klimczak
>              Labels: SSL, TLS, authentication, authorization, jaas
>   Original Estimate: 16h
>  Remaining Estimate: 16h
>
> Hi All!
> I haven't found such functionality in CXF, so I have created one.
> So if there is anybody who sees value in doing JAAS authentication with a TLS Authenticated handshake certificate, then I can prepare patches for the 3.x branch and the 2.x branch.
> I already got this working, but more work needs to be done (like unit tests) before submitting a patch to the Apache Community. So I just want to be sure that my work will not be wasted.
> Once I receive a patch share request, I will prepare it and submit it to JIRA.
> *Some description of Authentication/Authorization functionality*
> Well, when CXF is used with Mutual Authentication, the client key is verified by the servlet container in the background. So this layer is responsible for doing some authentication. Then the certificate seems to be wasted and the client has to use UserToken to authenticate again and let the authorization be done in future.
> So the idea is to take some information from the message like:
> {code}
> TLSSessionInfo tlsSessionInfo = message.get(TLSSessionInfo.class);
> {code}
> Extract, for example, a mail from the certificate, then use JAAS to do authentication and take roles assigned to this email to let the Authorization be done in future.
> All done with an InInterceptor just like with JAASLoginInInterceptor.
> So it is quite simple.
> Waiting for feedback.
> Once I have received a confirmation, I will prepare patches with junit tests.
> Greetings
> Piotr Klimczak

--
This message was sent by Atlassian JIRA (v6.2#6252)
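
The flow described in the issue (certificate identity to JAAS subject), sketched as an added example using only JDK APIs; it is not code from the issue, its patch, or CXF. The class name, the `contextName` JAAS entry and the "exactly one rfc822Name SAN" policy are assumptions; in CXF the leaf certificate would be the first peer certificate of the `TLSSessionInfo` read from the message.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/** Hypothetical helper: maps a TLS client certificate to a JAAS Subject. */
public final class CertificateJaasLogin {
    private static final int RFC822_NAME = 1; // GeneralName type for e-mail (RFC 5280)

    /** Returns the single rfc822Name SAN of the leaf certificate, or fails closed. */
    static String emailOf(X509Certificate leaf) throws CertificateParsingException {
        List<String> emails = new ArrayList<>();
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames(); // null when absent
        if (sans != null) {
            for (List<?> san : sans) {
                if (Integer.valueOf(RFC822_NAME).equals(san.get(0))) {
                    emails.add((String) san.get(1));
                }
            }
        }
        if (emails.size() != 1) { // none or ambiguous: refuse to guess an identity
            throw new CertificateParsingException("expected exactly one rfc822Name SAN");
        }
        return emails.get(0);
    }

    /** Logs in through the JAAS configuration entry contextName (an assumed name). */
    public static Subject login(String contextName, X509Certificate leaf)
            throws CertificateParsingException, LoginException {
        final String email = emailOf(leaf);
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(email);
                } else { // no password exists: the TLS handshake already proved key possession
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        LoginContext ctx = new LoginContext(contextName, handler);
        ctx.login(); // throws LoginException when the login module rejects the identity
        return ctx.getSubject(); // principals added by the login module carry the roles
    }
}
```

The login module behind `contextName` must accept a name without a password, so it should be reachable only from endpoints where the container enforces client-certificate authentication against a trust store limited to the issuing CAs allowed to assert these e-mail identities.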