tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 52500] Improve client certificate authentication
Date Mon, 23 Jan 2012 13:32:33 GMT

--- Comment #4 from Mark Thomas <> 2012-01-23 13:32:33 UTC ---
Patches should be provided in diff -u format against, in preference order:
- trunk
- 7.0.x/trunk
- 7.0.x/tags/<latest release>
- 7.0.x/tags/<other release>

The intended way to do this is to override the Realm implementation and provide
an alternative implementation of getPrincipal(X509Certificate).

I'd be prepared to consider changes to RealmBase to provide options for
extracting the user name from the certificate but I am -1 on doing this in the

An additional dependency on bouncy castle is not acceptable. On that topic,
what is wrong with X509Certificate.getSubjectAlternativeNames() that has been
present since Java 1.4?

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message