shiro-dev mailing list archives

From "Paul Merlin (JIRA)" <>
Subject [jira] Commented: (SHIRO-24) X509 Client certificate authentication
Date Mon, 24 May 2010 15:20:26 GMT


Paul Merlin commented on SHIRO-24:

You'll find attached a svn diff with X509 support added to shiro-web.
It has been generated using plain "svn diff", if another format is more convenient feel free
to ask me.

I implemented three CredentialMatching strategies:
- Simple
- Fingerprint
- PKIX Path

Simple credential matching strategy allows you to match on Issuer and/or Subject name using
regexes while choosing on which DN format you want the match to occur (canonical, rfc1779
or rfc2253).

Fingerprint strategy performs a SHA-1 certificate matching.

PKIX Path strategy performs a full custom PKIX path validation and can be useful in a scenario
with a complex security model.

Base Realm implementations to support the three strategies are included.

This submission is here mainly to get a first feedback from the community. There is no javadoc
for now, but a unit test demonstrates the three strategies with naive scenarios.



> X509 Client certificate authentication
> --------------------------------------
>                 Key: SHIRO-24
>                 URL:
>             Project: Shiro
>          Issue Type: New Feature
>            Reporter: Alan Cabrera
> Add support for X509 Authentication. Perhaps should not be complicated when we see how
> Acegi source code achieves this (
> Notice that the X509Auth is basically a validation of the client certificate. Because
> if we reach this point, it means that the application server has successfully trusted the
> client certificate against its trust store.

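The Simple and Fingerprint strategies described in the comment above, sketched with the JDK's own classes. This is an added example, not code from the attached diff or from Shiro; the class name, method names, sample DN and pattern are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

// Added illustration; class and method names are hypothetical, not Shiro's.
public class X509MatchSketch {

    // "Simple" strategy: the pattern must cover the whole DN in the chosen format.
    static boolean dnMatches(X500Principal dn, String format, Pattern allowed) {
        return allowed.matcher(dn.getName(format)).matches(); // matches(), not find()
    }

    // "Fingerprint" strategy: SHA-1 over the DER encoding, constant-time compare.
    static boolean fingerprintMatches(X509Certificate cert, byte[] pinnedSha1) throws Exception {
        byte[] actual = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
        return MessageDigest.isEqual(actual, pinnedSha1);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample DN; pass a certificate file path as args[0] to use a real one.
        X500Principal subject = new X500Principal("CN=Alice Example, OU=Ops, O=Example Corp, C=US");
        X509Certificate cert = null;
        if (args.length > 0) {
            try (InputStream in = new FileInputStream(args[0])) {
                cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
            subject = cert.getSubjectX500Principal();
        }
        // The same DN renders differently per format, so a pattern is tied to one format.
        String[] formats = { X500Principal.CANONICAL, X500Principal.RFC1779, X500Principal.RFC2253 };
        Pattern allowed = Pattern.compile("CN=[^,]+,OU=Ops,O=Example Corp,C=US");
        for (String f : formats) {
            System.out.println(f + ": " + subject.getName(f) + " -> " + dnMatches(subject, f, allowed));
        }
        if (cert != null) {
            // Pin taken from the certificate itself here, only to exercise the comparison.
            byte[] pin = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
            System.out.println("fingerprint match: " + fingerprintMatches(cert, pin));
        }
    }
}
```

The pattern is written for the RFC 2253 rendering, so the other two formats print a non-match for the same certificate; an allow-list regex has to be written and tested against the format the realm is configured to use.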