tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52500] Improve client certificate authentication
Date Tue, 14 Feb 2012 08:00:19 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52500

--- Comment #23 from Michael <michael_furman@hotmail.com> 2012-02-14 08:00:19 UTC ---
Dear Christopher,
Thank you for the fast reply!

>That looks great.
Thanks!



>I'm not sure why either of these are necessary. 
>I think that UserNameRetriever (maybe a better name 
>would be X509UserNameRetriever now that I think about it)
>interface, the SubjectDNRetriever, and minimal changes to RealmBase.


I am confused. According to my understanding, we want to provide the ability to
use a user provided X509UserNameRetriever.

The purpose of UserNameRetrieverDecorator is to return the user name by the
default X509UserNameRetriever if the X509UserNameRetriever provided by a user
will return the empty user name.

I can move the UserNameRetrieverDecorator code to RealmBase, but I think it is
clearer if it is in the different class.

Please tell me what you think about it.


Regarding UserNameRetrieverConfiguration – it allow easy configuration of a
user provided X509UserNameRetriever.

I think it is very useful if you create your own X509UserNameRetriever.
Please tell me what you think about it.




>Note that no changes are required to the Realm interface: the selection of a
>UserNameRetriever is an implementation detail that can safely be left in
>RealmBase.

Ok, got it.

> If you do submit another one, please don't include 
>"@author" tags in the source files:

I will provide another patch upon your comments without the @author tag and
with X509UserNameRetriever name.




>Look at the file webapps/docs/config/realm.xml for the source to
>the current "Realm" configuration page:
> that's the proper place to document the new configuration 
> attributes and describe how they can be used.

Ok, I will do it. I think to add the new configuration attributes into the
Common Attributes section.

Please tell me what you think about it.




>Basically, no documentation should be required 
>that isn't part of your patch.


So, I will not provide the client certificate description. Correct?
Waiting for your comments.

Best regards,
   Michael

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message