https://issues.apache.org/bugzilla/show_bug.cgi?id=52500

--- Comment #16 from Christopher Schultz <ch...@christopherschultz.net> 2012-02-01 20:57:49 UTC ---
(In reply to comment #11)
> - I have provided a default transformation that is the same as the current code
> - DefaultSubjectDnRetriever 
> 
> Any case, I strongly recommend to add additional transformations out of the box
> since it will allow to use Tomcat for the client certificate authentication.
> It will allow easy configuration to do it. See and the examples below: 
> <Realm className="…" x509UserIdentifierRetrieveField="SubjectAlternativeName" 
> x509UserIdentifierRetrieveFieldPart="otherName" />

I think the idea was that you would be able to configure the realm like this:

<Realm className="..." x509UserIdentifierRetriever="....SubjectDnRetriever" />

(Where my example shown above is the default)

That way, the x509UserIdentifierRetriever can support whatever requirements are
necessary in the deployment environment, rather than having a large list of
attributes for RealmBase to juggle around.

> I also can contribute the attached x509Configuration.docx for better
> explanation.

In the future, please provide more democratic documentation. For instance,
plain-text or OpenDocument format. Plain text is better because it does not
require a viewer external to the web browser.

> In addition, I strongly recommend to add out of the box
> SubjectAlternativeNameRetriever.

Let's get the interface nailed down first, then we can implement as many
UserIdentifierRetrievers as are appropriate.
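
The pluggable-retriever design discussed in this comment, shown as an added example (not code from Tomcat or from the patch attached to the bug). The interface `X509UserIdentifierRetriever`, its method `getUserIdentifier`, the `SanEmailRetriever` class and the `load` helper are hypothetical names; the certificate is read from a file path given on the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

public class RetrieverDemo {
    /** Hypothetical plug-in contract: map an already-validated client certificate to a user name. */
    public interface X509UserIdentifierRetriever {
        String getUserIdentifier(X509Certificate cert) throws Exception;
    }

    /** Default behaviour: the full subject DN is the user name. */
    public static class SubjectDnRetriever implements X509UserIdentifierRetriever {
        public String getUserIdentifier(X509Certificate cert) {
            return cert.getSubjectX500Principal().getName();
        }
    }

    /** Deployment-specific alternative: first rfc822Name (GeneralName type 1) in the SAN. */
    public static class SanEmailRetriever implements X509UserIdentifierRetriever {
        public String getUserIdentifier(X509Certificate cert) throws Exception {
            Collection<List<?>> sans = cert.getSubjectAlternativeNames();
            if (sans == null) return null;            // certificate has no SAN extension
            for (List<?> san : sans) {
                if (Integer.valueOf(1).equals(san.get(0))) return (String) san.get(1);
            }
            return null;
        }
    }

    /** What a realm would do with the class name taken from its configuration attribute. */
    static X509UserIdentifierRetriever load(String className) throws Exception {
        Class<?> c = Class.forName(className);
        // asSubclass throws ClassCastException if the class does not implement the contract
        return c.asSubclass(X509UserIdentifierRetriever.class).getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        // args[0]: retriever class name, e.g. RetrieverDemo$SubjectDnRetriever
        // args[1]: path to a PEM or DER encoded certificate
        X509UserIdentifierRetriever retriever = load(args[0]);
        try (InputStream in = new FileInputStream(args[1])) {
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            String user = retriever.getUserIdentifier(cert);
            // Fail closed: a certificate that yields no identifier must not authenticate anyone
            if (user == null || user.isEmpty()) throw new SecurityException("no user identifier");
            System.out.println(user);
        }
    }
}
```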
