http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7831

[PATCH] JNDIRealm does not work with CLIENT-CERT auth method

------- Additional Comments From [EMAIL PROTECTED] 2003-06-05 12:37 -------

CLIENT-CERT authentication is done via the SSLAuthenticator class, which executes the RealmBase.authenticate(X509Certificate[] certs) method. This method uses the getPrincipal(String username) method to return the principal for the given username. If this returns null, SSLAuthenticator refuses to authenticate the user.

For SSLAuthenticator it is only important to check if the user exists in the realm and find the roles, because AUTHENTICATION is done by SSLAuthenticator (checking validity of the certificate).

This is my implementation for JDBCRealm.getPrincipal, which works:
(If you want to consult this patch please mail me)

    /**
     * Return the Principal associated with the given user name.
     * This method is used in RealmBase.authenticate(X509Certificate[] creds),
     * which is then used in SSLAuthenticator to authenticate
     * the client with the CLIENT-CERT method.
     * Absence of this method (returning null) makes CLIENT-CERT authorization
     * impossible.
     *
     * @author Marek Mosiewicz <[EMAIL PROTECTED]>
     */
    protected Principal getPrincipal(String username) {

        Connection dbConnection = null;

        try {

            // Ensure that we have an open database connection
            dbConnection = open();

            // Look up the user; a row in the result means the user exists
            String dbCredentials = null;
            PreparedStatement stmt = credentials(dbConnection, username);
            ResultSet rs = stmt.executeQuery();
            while (rs.next()) {
                dbCredentials = rs.getString(1).trim();
            }
            rs.close();
            if (dbCredentials == null) {
                // Unknown user: release the connection before returning
                release(dbConnection);
                return (null);
            }

            // Accumulate the user's roles
            ArrayList list = new ArrayList();
            stmt = roles(dbConnection, username);
            rs = stmt.executeQuery();
            while (rs.next()) {
                list.add(rs.getString(1).trim());
            }
            rs.close();
            dbConnection.commit();

            // Release the database connection we just used
            release(dbConnection);

            // Create and return a suitable Principal for this user
            // (no password is stored in the Principal)
            return (new GenericPrincipal(this, username, null, list));

        } catch (SQLException e) {

            // Log the problem for posterity
            log(sm.getString("jdbcRealm.exception"), e);

            // Close the connection so that it gets reopened next time
            if (dbConnection != null)
                close(dbConnection);

            // Return "null" principal
            return (null);

        }

    }