tomcat-dev mailing list archives

From "Jack" <jack...@hotmail.com>
Subject Mr. Thomas please check this.
Date Sun, 22 Jan 2006 22:14:46 GMT
Hi,
Mr. Thomas,

I know you are doing this.
On January 20, 2006, under 
http://issues.apache.org/bugzilla/show_bug.cgi?id=7831,
you mentioned:
>I'm happy to look at adding CLIENT-CERT support to the JNDI realm
> based on your (Mario Ivankovits) proposal. If I put together a patch are 
> you willing to test it?

When we use client-cert, we might not be using SSL at all, since we don't ask 
for confidential transfer.

Ralf Hauser reported the bug:
http://issues.apache.org/bugzilla/show_bug.cgi?id=34643

He mentioned this:
>A web application may well have a mixed user community,
> some authenticate by means of a password or other authenticators,
> others have a certificate for authentication.
I have the same opinion. That's why I suggest using a UserContext for each 
web-app.
A UserContext can contain several realms, since a realm only handles one 
database or directory service.
For any kind of user, with a certificate or username/password, a web-app-dependent 
UserContext can always do the authentication.

For a specific web-app, all its users' certificates might be in a special 
place, so some attributes of the SSL connector 
should be attributes of the UserContext.

The realms in the o.a.c.realm package mixed up authentication & authorization. I 
suggest separating them.
Authentication belongs to the UserContext.

I hope my information can be a little bit helpful to you.
jackzhp@hotmail.com



