geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (GERONIMO-5619) CertificatePropertiesFileLoginModule only works with tomcat, not jetty
Date Wed, 09 May 2012 00:05:56 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-5619?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Jencks resolved GERONIMO-5619.
------------------------------------

    Resolution: Fixed

no one has complained about the fix.
                
> CertificatePropertiesFileLoginModule only works with tomcat, not jetty
> ----------------------------------------------------------------------
>
>                 Key: GERONIMO-5619
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5619
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 3.0
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 3.0
>
>
> CertificatePropertiesFileLoginModule uses CertificateCallback.  This is supported by
tomcat but not jetty, which is more adapted to the jaspic password validation callback and
which converts the x500 principal to a "name" and expects a NameCallback.
> We can easily modify the LoginModule to handle both.  I can't decide if this is a security
risk since this login module does not check passwords at all and just verifies that the principal
name is known.  It might be possible to misconfigure security so as to use basic or form auth
with this login module and ignore the supplied password.
> I'm going to go ahead and apply the change.  We can always roll it back.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message