tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52500] Improve client certificate authentication
Date Mon, 23 Jan 2012 13:32:33 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52500

--- Comment #4 from Mark Thomas <markt@apache.org> 2012-01-23 13:32:33 UTC ---
Patches should be provided in diff -u format against, in preference order:
- trunk
- 7.0.x/trunk
- 7.0.x/tags/<latest release>
- 7.0.x/tags/<other release>

The intended way to do this is to override the Realm implementation and provide
an alternative implementation of getPrincipal(X509Certificate).

I'd be prepared to consider changes to RealmBase to provide options for
extracting the user name from the certificate but I am -1 on doing this in the
Authenticators.

An additional dependency on bouncy castle is not acceptable. On that topic,
what is wrong with X509Certificate.getSubjectAlternativeNames() that has been
present since Java 1.4?

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message