"Bud P. Bruegger" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > hello everyone, > > looked for this all over but couldn't find an answer... > > So I would like to ask a question about the auth-method CLIENT-CERT. It > seems that the username resulting from an authentication is the CN > component of the subject's DN (as it appears in the client > certificate). Is there any way to using a custom function that returns a > username based on the DN? Or is it possible to use a custom function to > return a principal that is different from the username? >
Not with Tomcat out-of-the box (but patches are always welcome :). You could do it with a custom Realm however. Just extend your favorite Tomcat Realm, and override the: Principal getPrincipal(String) method. The String argument is the DN from the user's cert. It can return any Principal that it wants. However, if it doesn't extend Tomcat's GenericPrincipal then you also need to override the 'hasRole' method. > many thanks for any help > > --bud --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
