From: bugzilla@apache.org
To: dev@tomcat.apache.org
Subject: DO NOT REPLY [Bug 52500] Improve client certificate authentication
Date: Tue, 24 Jan 2012 11:03:28 +0000
X-Bugzilla-Product: Tomcat 7
X-Bugzilla-Component: Catalina
X-Bugzilla-Severity: enhancement

https://issues.apache.org/bugzilla/show_bug.cgi?id=52500

--- Comment #8 from Mark Thomas 2012-01-24 11:03:28 UTC ---
The suggestion is to make all Realms more configurable by modifying RealmBase. One option would be:
- define an interface for transforming certs to user names
- allow users to write their own implementations of this interface
- add an attribute to RealmBase that allows custom implementations of this transform to be specified (by full class name)
- modify RealmBase to use this transformation
- provide a default transformation that is the same as the current code

See the Tomcat docs for how to configure Realms.

Bouncy Castle is licensed under terms that would allow us to use it in Tomcat but I am -1 for adding a dependency for this feature. I would much rather add the extension point as outlined above and allow users to implement whatever they need using whatever libraries they choose.

At the moment, I am +0 for adding additional transformations such as the one proposed here. My final view would depend on how much demand there was for the feature, how much new code was required and how complex it was.
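
The extension point outlined in the comment above, sketched as an added example (not code from the bug report or from Tomcat). The interface, class and method names are hypothetical, the default transform is assumed to return the full subject DN, and the custom transform uses only JDK classes.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CertUserNameDemo {
    // Hypothetical extension point: maps a client certificate to a user name.
    public interface CertToUserName {
        String getUserName(X509Certificate cert);
    }
    // Default transform (assumption: the full subject DN in RFC 2253 form).
    public static class SubjectDnTransform implements CertToUserName {
        public String getUserName(X509Certificate cert) {
            return cert.getSubjectX500Principal().getName();
        }
    }
    // Custom transform: the CN only, parsed with LdapName so escaped commas are handled.
    public static class CommonNameTransform implements CertToUserName {
        public String getUserName(X509Certificate cert) {
            try {
                LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
                for (Rdn rdn : dn.getRdns()) {
                    if ("CN".equalsIgnoreCase(rdn.getType())) {
                        return String.valueOf(rdn.getValue());
                    }
                }
            } catch (InvalidNameException e) {
                // An unparsable DN yields no user name.
            }
            return null; // the caller must treat null as a failed authentication
        }
    }
    // What a realm attribute holding a full class name would do: load and instantiate it.
    static CertToUserName load(String className) throws ReflectiveOperationException {
        return Class.forName(className).asSubclass(CertToUserName.class)
                .getDeclaredConstructor().newInstance();
    }
    public static void main(String[] args) throws Exception {
        // args[0]: transform class name; args[1]: path to a PEM or DER certificate file
        try (InputStream in = new FileInputStream(args[1])) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
            System.out.println(load(args[0]).getUserName(cert));
        }
    }
}
```

Run it as `java CertUserNameDemo 'CertUserNameDemo$CommonNameTransform' client.pem`, where `client.pem` is a certificate file you supply.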