Hi,

Apologies in advance for my errors - I'm a newbie to contributing code rather 
than just downloading it.  

As I understand things, I cannot use a JNDI realm with CLIENT-CERT 
authentication at the moment (very similar to BUG 4352, which describes a 
similar problem for JDBCRealm).   I've therefore tried to modify 
org.apache.catalina.realm.JNDIRealm and I was wondering if someone could give 
me some advice, please?

The situation:

I had CLIENT-CERT working with certificates from our PKI and MemoryRealm to 
provide user-to-role mapping.  I tried to replace the MemoryRealm part with 
the LDAP directory that's part of our PKI using JNDIRealm.  Unfortunately, 
the getPrincipal(String username) method within JNDIRealm just returns null 
at the moment.

Part of the solution:

I've modified JNDIRealm and 'fixed' things but my code is a bit 'Mickey 
Mouse'.  The problem is that to build a GenericPrincipal I need the user's 
credentials and this makes me nervous for two reasons:

1) It's supposed to be a string.  I guess this is because for 99% of the time 
it would be a password.  This makes no sense for a chain of certificates, 
though.

2) I don't think there is a way of getting hold of the certificates from just 
a username.  Technically, I could get them from our PKI directory using the 
userCertificate attribute but there's no guarantee that this would be the 
same certificate that the user presented.  More importantly, I don't think 
many people would want to be tied to our PKI! :)

I have the code for what I've implemented, which just builds a principal with 
'null' credentials (yuk).  This works with superficial testing but I don't 
like it because I'm always looking over my shoulder for the 'NullPointer' 
exception.  How am I supposed to do this?  Am I missing something?

Thanks for your help (and patience).

Regards,
Richard Priestley
