Hi, Apologies in advance for my errors - I'm a newbie to contributing code rather than just downloading it.
As I understand things, I cannot use a JNDI realm with CLIENT-CERT authentication at the moment (very similiar to BUG 4352, which describes a similar problem for JDBCRealm). I've therefore tried to modify org.apache.catalina.realm.JNDIRealm and I was wondering if someone could give me some advice, please? The situation: I had CLIENT-CERT working with certificates from our PKI and MemoryRealm to provide user-to-role mapping. I tried to replace the MemoryRealm part with the LDAP directory that's part of our PKI using JNDIRealm. Unfortunately, the getPrincipal(String username) method within JNDIRealm just returns null at the moment. Part of the solution: I've modified JNDIRealm and 'fixed' things but my code is a bit 'Mickey Mouse'. The problem is that to build a GenericPrincipal I need the user's credentials and this makes me nervous for two reasons: 1) Its supposed to be a string. I guess this is because for 99% of the time it would be a password. This makes no sense for a chain of certificates, though. 2) I don't think there is a way of getting hold of the certificates from just a username. Technically, I could get them from our PKI directory using the userCertificate attribute but there's no guarantee that this would be the same certificate that the user presented. More importantly, I don't think many people would want to be tied to our PKI! :) I have the code for what I've implemented, which just builds a principal with 'null' credentials (yuk). This works with superficial testing but I don't like it because I'm always looking over my shoulder for the 'NullPointer' exception. How am I supposed to do this? Am I missing something? Thanks for your help (and patience). Regards, Richard Priestley -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
