shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Merlin (JIRA)" <j...@apache.org>
Subject [jira] Commented: (SHIRO-24) X509 Client certificate authentication
Date Mon, 24 May 2010 15:20:26 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-24?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12870638#action_12870638
] 

Paul Merlin commented on SHIRO-24:
----------------------------------

You'll find attached a svn diff with X509 support added to shiro-web.
It has been generated using plain "svn diff", if another format is more convenient feel free
to ask me.

I implemented three CredentialMatching strategies :
- Simple
- Fingerprint
- PKIX Path

Simple credential matching strategy allows you to match on Issuer and/or Subject name using
regexes while choosing on which DN format you want the match to occur (canonical, rfc1779
or rfc2253).

Fingerprint strategy perform a SHA-1 certificate matching.

PKIX Path strategy perform a full custom PKIX path validation and can be usefull in a scenario
with a complex security model

Base Realm implementations to support the three strategies are included.

This submission is here mainly to get a first feedback from the community. There are no javadoc
for now but a unit test demonstrate the tree strategies with naïve scenarii.

WDYT ?

/Paul


> X509 Client certificate authentication
> --------------------------------------
>
>                 Key: SHIRO-24
>                 URL: https://issues.apache.org/jira/browse/SHIRO-24
>             Project: Shiro
>          Issue Type: New Feature
>            Reporter: Alan Cabrera
>
> Add support for X509 Authentication. Perhaps should not be complicated when we see how
Acegi source code achieve this (http://www.acegisecurity.org/guide/springsecurity.html#x509)
? 
> Notice that the X509Auth is basically a validation of the client certificate. Because
if we reach this point, it means that the application server has successfully trusted the
client certificate against its trust store. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message