https://issues.apache.org/bugzilla/show_bug.cgi?id=52500
--- Comment #6 from Michael <michael_fur...@hotmail.com> 2012-01-23 19:28:08 UTC --- Dear Mark, Thank you for the fastest comment! >Patches should be provided in diff -u format against, in preference order: I will try to do it when we will finalize patch. >The intended way to do this is to override the Realm implementation and >>provide an alternative implementation of getPrincipal(X509Certificate). I have tried to explore the best way to provide the patch. All realms in Tomcat extend RealmBase. Do you suggest to create the new realm that will extend RealmBase (with the new implementation of getPrincipal) and all realms will extend the realm? Or do you want to override each realm? >I'd be prepared to consider changes to RealmBase to provide options for >extracting the user name from the certificate but I am -1 on doing this in >>the Authenticators. I just need Authenticator for the configuration and I need your help with the realm configuration. Can you explain me how can I configure realms? >An additional dependency on bouncy castle is not acceptable. On that topic, >what is wrong with X509Certificate.getSubjectAlternativeNames() that has >been present since Java 1.4? The SubjectAlternativeNameRetriever class uses X509Certificate.getSubjectAlternativeNames() Unfortunately, generally the SubjectAlternativeName is stored in ASNDerEncodedByteArray I use the bouncy castle classes to convert the value to string. Is bouncy castle open source? Why it is not possible to copy 5 sources in the Tomcat baseline? Alternatively, do you know in Apache foundation a library that provides the following services: ASN1InputStream ASN1Sequence ASN1TaggedObject DERObject DERUTF8String Thanks and best regards, Michael -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
