See GERONIMO-5619, rev 999674 (trunk).

Briefly, I've modified CertificatePropertiesFileLoginModule so it works with either a CertificateCallback (used by Tomcat) or a NameCallback (used by Jetty). In either case we just check that we know about the X.500 principal name; there is no password checking. (We rely on SSL to validate the client cert.)

Does anyone think this is an undesirable security problem? It might be possible to misconfigure security so that e.g. basic or form auth ended up using this login module and just checked the user name and not the password. I don't think this is sufficiently likely to worry about, since these principal names are LDAP goo (ou=.....,) and I would expect any such misconfiguration to be immediately evident in testing.

thanks
david jencks
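The following is an added illustration, not Geronimo's CertificatePropertiesFileLoginModule and not code from the message above. It sketches a JAAS login module of the kind described: it takes the subject DN either from a certificate callback (the Tomcat path) or from a NameCallback (the Jetty path), checks only that the DN is on an allow-list, and performs no password check. It also adds the guard a reviewer would want against the misconfiguration raised in the message: if the caller's CallbackHandler is willing to supply a password, the module assumes it has been wired into a basic/form-auth flow and fails closed instead of accepting any password. The `CertificateCallback` class and the `users` option are assumptions standing in for the container's callback and the properties file; everything else is standard `javax.security.auth` API.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

/** Hypothetical stand-in for a container's client-certificate callback (not Geronimo's class). */
class CertificateCallback implements Callback {
    X509Certificate certificate;
}

/**
 * Name-only login module: trusts TLS to have authenticated the client and only checks
 * that the subject DN is on an allow-list. It refuses to authenticate when the caller
 * also offers a password, which is the symptom of basic/form auth being mis-wired to it.
 */
public class X500NameOnlyLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private final Set<String> allowed = new HashSet<>();   // canonical DN strings
    private X500Principal authenticated;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        // Hypothetical option "users": comma-separated DNs standing in for the properties file.
        for (String dn : String.valueOf(options.get("users")).split(","))
            allowed.add(new X500Principal(dn.trim()).getName(X500Principal.CANONICAL));
    }

    public boolean login() throws LoginException {
        X500Principal candidate = fromCertificate();
        if (candidate == null) candidate = fromName();
        // Canonical form so that attribute order/case/whitespace differences do not matter.
        if (!allowed.contains(candidate.getName(X500Principal.CANONICAL)))
            throw new FailedLoginException("unknown principal " + candidate.getName());
        authenticated = candidate;
        return true;
    }

    /** Tomcat-style path: the container hands over the certificate TLS already validated. */
    private X500Principal fromCertificate() throws LoginException {
        CertificateCallback cb = new CertificateCallback();
        try {
            handler.handle(new Callback[]{cb});
        } catch (UnsupportedCallbackException e) {
            return null;                               // handler is not certificate-based
        } catch (IOException e) {
            throw new LoginException(e.getMessage());
        }
        return cb.certificate == null ? null : cb.certificate.getSubjectX500Principal();
    }

    /** Jetty-style path: the container hands over the DN as a plain name. */
    private X500Principal fromName() throws LoginException {
        NameCallback nameCb = new NameCallback("X.500 name: ");
        try {
            handler.handle(new Callback[]{nameCb});
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("no name available: " + e);
        }
        // Guard: a handler that can supply a password belongs to a basic/form flow, and this
        // module never checks passwords. Fail closed rather than accept any password.
        PasswordCallback pwCb = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[]{pwCb});
            if (pwCb.getPassword() != null) {
                pwCb.clearPassword();
                throw new FailedLoginException("password offered to a certificate-only module");
            }
        } catch (UnsupportedCallbackException e) {
            // expected for a certificate/name-only handler
        } catch (IOException e) {
            throw new LoginException(e.getMessage());
        }
        try {
            return new X500Principal(nameCb.getName());   // rejects non-DN names such as "alice"
        } catch (IllegalArgumentException | NullPointerException e) {
            throw new FailedLoginException("name is not an X.500 DN: " + nameCb.getName());
        }
    }

    public boolean commit() {
        if (authenticated != null) subject.getPrincipals().add(authenticated);
        return authenticated != null;
    }

    public boolean abort()  { authenticated = null; return true; }

    public boolean logout() {
        if (authenticated != null) subject.getPrincipals().remove(authenticated);
        authenticated = null;
        return true;
    }
}
```

With a handler that answers only the NameCallback (the Jetty case), `login()` succeeds for any allow-listed DN and never looks at a password. With a handler that also answers a PasswordCallback (what a basic/form-auth flow supplies), `login()` throws `FailedLoginException`, so the mis-wiring shows up as a hard failure in testing rather than as an authentication that silently ignores the password. The `X500Principal` constructor also rejects plain user names, which reflects the observation in the message that a bare "alice" would never match a DN-shaped principal list.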
