tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: CLIENT-CERT and custom username?
Date Fri, 10 Oct 2003 04:01:20 GMT

"Bud P. Bruegger" <> wrote in message
> hello everyone,
> looked for this all over but couldn't find an answer...
> So I would like to ask a question about the auth-method CLIENT-CERT.  It
> seems that the username resulting from an authentication is the CN
> component of the subject's DN (as it appears in the client
> certificate).  Is there any way to using a custom function that returns a
> username based on the DN?  Or is it possible to use a custom function to
> return a principal that is different from the username?

Not with Tomcat out-of-the box (but patches are always welcome :).  You
could do it with a custom Realm however.  Just extend your favorite Tomcat
Realm, and override the:
  Principal getPrincipal(String)
method.  The String argument is the DN from the user's cert.  It can return
any Principal that it wants.  However, if it doesn't extend Tomcat's
GenericPrincipal then you also need to override the 'hasRole' method.

> many thanks for any help
> --bud

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message