tomcat-users mailing list archives

From James Rome <jamesr...@gmail.com>
Subject Realms and certificates
Date Wed, 28 Sep 2005 19:41:05 GMT
None of the standard realms do certificates properly. For example,
o.a.c.authenticator.SSLAuthenticator.java does not check to see if a
certificate has been revoked. The LDAP realm compares the presented
certificate to the one in the LDAP which puts a burden on the LDAP to
unpublish revoked certificates. This is also rather unnecessary because
given the CA certificate and the OCSP address, any presented
certificate can be authenticated properly.

So I write my own Realm by extending RealmBase and modifying the public
Principal authenticate(X509Certificate certs[]) method.
I put this realm inside the <Engine> tag and commented out the
userdatabase realm. But, so far as I can tell, my authenticate method is
never called. Print statements (using the 5.5 log techniques) only
appear from the start() method, never from authenticate(). And I can get
in with revoked client certificates.

Does anyone have an idea of what is happening? How can I debug this?

Thanks,
Jim Rome

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
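As an added example (not the poster's code and not Tomcat's own), here is a Realm in the shape the message describes: it extends RealmBase on Tomcat 5.5, overrides authenticate(X509Certificate[]) and validates the presented chain against a configured CA with the JDK's PKIX validator with OCSP revocation checking switched on. The class name, the caCertPath/ocspResponder attributes and the fixed "user" role are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Principal;
import java.security.Security;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.logging.Logger;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

/** Hypothetical realm: accepts a client cert only if it chains to the CA and OCSP says it is not revoked. */
public class OcspCertRealm extends RealmBase {
    private static final Logger LOG = Logger.getLogger(OcspCertRealm.class.getName());
    private X509Certificate caCert;   // trust anchor, set from <Realm caCertPath="..."/> (assumed attribute)

    public void setCaCertPath(String path) throws Exception {
        InputStream in = new FileInputStream(path);
        try { caCert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in); }
        finally { in.close(); }
    }

    /** Assumed attribute: <Realm ocspResponder="http://..."/>. Enables the JDK's OCSP client for PKIX. */
    public void setOcspResponder(String url) {
        Security.setProperty("ocsp.enable", "true");
        Security.setProperty("ocsp.responderURL", url);
    }

    public Principal authenticate(X509Certificate certs[]) {
        if (certs == null || certs.length == 0 || caCert == null) return null;
        try {
            // Build the path without the trust anchor itself; PKIX expects the anchor only in the parameters
            List chain = new ArrayList();
            for (int i = 0; i < certs.length; i++) if (!certs[i].equals(caCert)) chain.add(certs[i]);
            CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
            PKIXParameters params = new PKIXParameters(Collections.singleton(new TrustAnchor(caCert, null)));
            params.setRevocationEnabled(true);   // revoked certificates now fail validation
            CertPathValidator.getInstance("PKIX").validate(path, params);
        } catch (Exception e) {
            LOG.warning("Client certificate rejected: " + e.getMessage());
            return null;                         // untrusted, expired or revoked: no Principal
        }
        String name = certs[0].getSubjectDN().getName();
        return new GenericPrincipal(this, name, null, Collections.singletonList("user"));
    }

    // RealmBase abstract methods; this realm never authenticates by password
    protected String getName() { return "OcspCertRealm"; }
    protected String getPassword(String username) { return null; }
    protected Principal getPrincipal(String username) { return null; }
}
```

This method is only reached through the CLIENT-CERT auth-method (SSLAuthenticator), and a <Realm> nested in a <Host> or <Context> takes precedence over one declared in <Engine>.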

