tomcat-dev mailing list archives

Subject DO NOT REPLY [Bug 52500] Improve client certificate authentication
Date Tue, 24 Jan 2012 11:03:28 GMT

--- Comment #8 from Mark Thomas <> 2012-01-24 11:03:28 UTC ---
The suggestion is to make all Realms more configurable by modifying RealmBase.
One option would be:
- define an interface for transforming certs to user names
- allow users to write their own implementations of this interface
- add an attribute to RealmBase that allows custom implementations of this
transform to be specified (by full class name)
- modify RealmBase to use this transformation
- provide a default transformation that is the same as the current code

See the Tomcat docs for how to configure Realms.

Bouncy Castle is licensed under terms that would allow us to use it in Tomcat
but I am -1 for adding a dependency for this feature. I would much rather add
the extension point as outlined above and allow users to implement whatever
they need using whatever libraries they choose.

At the moment, I am +0 for adding additional transformations such as the
one proposed here. My final view would depend on how much demand there was for
the feature, how much new code was required and how complex it was.

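A sketch of the extension point outlined in the comment above, as an added example that is not code from Tomcat or from the bug report. The names `CertUsernameMapper`, `SubjectDnMapper`, `SubjectCnMapper` and `load` are hypothetical, the default is assumed to be the full subject DN, and the subject in `main` is constructed sample input.

```java
import java.security.cert.X509Certificate;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
public class CertUsernameDemo {
    /** Hypothetical extension point: maps a client certificate to a user name. */
    public interface CertUsernameMapper {
        String getUsername(X509Certificate clientCert); // null rejects the certificate
    }
    /** Default mapper: the full subject DN (assumed here to match the existing behaviour). */
    public static class SubjectDnMapper implements CertUsernameMapper {
        public String getUsername(X509Certificate clientCert) {
            return clientCert.getSubjectX500Principal().getName();
        }
    }
    /** Custom mapper a user could supply: only the most specific CN of the subject. */
    public static class SubjectCnMapper implements CertUsernameMapper {
        public String getUsername(X509Certificate clientCert) {
            return commonName(clientCert.getSubjectX500Principal());
        }
    }
    /** Parses the DN rather than splitting on commas, so escaped separators inside values are handled. */
    static String commonName(X500Principal subject) {
        try {
            List<Rdn> rdns = new LdapName(subject.getName(X500Principal.RFC2253)).getRdns();
            for (int i = rdns.size() - 1; i >= 0; i--) { // last entry is the leftmost RDN of the string
                Rdn rdn = rdns.get(i);
                // Multi-valued RDNs are skipped in this sketch instead of guessing which value to use.
                if (rdn.size() == 1 && "CN".equalsIgnoreCase(rdn.getType())) {
                    return rdn.getValue().toString();
                }
            }
        } catch (InvalidNameException e) {
            // Unparseable subject: handled the same way as a missing CN.
        }
        return null; // fail closed: no user name means the realm must not authenticate
    }
    /** Instantiates the mapper named by a configuration attribute (full class name). */
    static CertUsernameMapper load(String className) throws ReflectiveOperationException {
        // asSubclass rejects a configured class that does not implement the interface.
        return Class.forName(className).asSubclass(CertUsernameMapper.class)
                .getDeclaredConstructor().newInstance();
    }
    public static void main(String[] args) throws Exception {
        CertUsernameMapper mapper = load("CertUsernameDemo$SubjectCnMapper");
        X500Principal subject = new X500Principal("CN=Doe\\, Jane,OU=Eng,O=Example"); // constructed
        System.out.println(mapper.getClass().getSimpleName() + " -> " + commonName(subject));
    }
}
```

Returning `null` for a subject with no usable CN keeps a custom mapper from turning a malformed or unexpected certificate into a valid user name.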