tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jack" <>
Subject Mr. Thomas please check this.
Date Sun, 22 Jan 2006 22:14:46 GMT
Mr. Thomas,

I know you are doing this.
On January 20, 2006, under,
you mentioned:
>I'm happy to look at adding CLIENT-CERT support to the JNDI realm
> based on your (Mario Ivankovits) proposal. If I put together a patch are 
> you willing to test it?

When we use client-cert, we might be not using ssl at all since we don't ask 
confidential transfer.

Ralf Hauser report the bug:

He mentioned this:
>A web application may well have a mixed user community,
> some authenticate by means of a password or other authenticators,
> others have a certificate for authentication.
I have the same opinion. That's why I suggest to use UserContext for each 
A UserContext can contains several realms since a realm only handle one 
database or directory service.
Any kind of user with certificate or username/password, a web-app dependent 
UserContext can always do the authentication.

For a specific web-app, all its users' certificate might be in a special 
place. so some attribute of ssl connector
should be attributes of UserContext.

The realms in o.a.c.realm package mixed up authentication & authorization. I 
suggest to seperate them.
authentication belongs to UserContext.

I hope my information can be a little bit helpful to you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message