[ https://issues.apache.org/jira/browse/CXF-5909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Piotr Klimczak closed CXF-5909.
-------------------------------

       Resolution: Duplicate
    Fix Version/s: Invalid

> TLS Authenticated Handshake and Authentication/Authorization with JAAS by TLS 
> Certificate
> -----------------------------------------------------------------------------------------
>
>                 Key: CXF-5909
>                 URL: https://issues.apache.org/jira/browse/CXF-5909
>             Project: CXF
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Piotr Klimczak
>              Labels: SSL, TLS, authentication, authorization, jaas
>             Fix For: Invalid
>
>   Original Estimate: 16h
>  Remaining Estimate: 16h
>
> Hi All!
> I haven't found such functionality in CXF, so I have created one.
> So if there is anybody who sees a value in doing JAAS authentication with the TLS 
> Authenticated handshake certificate, then I can prepare patches to the 3.x branch 
> and the 2.x branch.
> I already got this working, but more work needs to be done (like unit tests) 
> before submitting a patch to the Apache Community. So I just want to be sure that 
> my work will not be wasted.
> Once I receive a patch share request, I will prepare it and submit it 
> to JIRA.
> *Some description of Authentication/Authorization functionality*
> Well, when CXF is used with Mutual Authentication, the client key is verified by 
> the servlet container in the background. So this layer is responsible for doing some 
> authentication. Then the certificate seems to be wasted and the client has to use 
> UserToken to authenticate again and let the authorization be done in future.
> So the idea is to take some information from message like:
> {code}
> TLSSessionInfo tlsSessionInfo = message.get(TLSSessionInfo.class);
> {code}
> Extract, for example, a mail from the certificate, then use JAAS to do 
> authentication and take roles assigned to this email to let the Authorization 
> be done in future. 
> All done with InInterceptor just like with JAASLoginInInterceptor.
> So it is quite simple.
> Waiting for feedback.
> Once I receive a confirmation, I will prepare patches with junit tests.
> Greetings
> Piotr Klimczak



--
This message was sent by Atlassian JIRA
(v6.2#6252)
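
The flow described in the issue (take the client certificate from the TLS session, extract an e-mail address, authenticate through JAAS) is sketched below as an added example; it is not code from the issue or from CXF. It uses only JDK classes and would be called from an in-interceptor with `tlsSessionInfo.getPeerCertificates()`. Assumptions: the class name `TlsCertJaasLogin` is hypothetical, the e-mail is read from the certificate's subjectAltName, the container has already validated the chain during a handshake that requires client authentication, and the JAAS entry names a login module that accepts a user name without a password and attaches role principals.

```java
import java.security.cert.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

// Added illustration (hypothetical class, not CXF code): TLS client certificate -> JAAS Subject.
public final class TlsCertJaasLogin {
    private static final Integer RFC822_NAME = 1; // subjectAltName tag for an e-mail address

    // Returns the single e-mail SAN of the leaf certificate (lower-cased); anything else fails closed.
    static String emailFrom(Certificate[] peerChain) throws LoginException {
        if (peerChain == null || peerChain.length == 0
                || !(peerChain[0] instanceof X509Certificate)) {
            throw new LoginException("no X.509 client certificate on this TLS session");
        }
        String email = null;
        try {
            Collection<List<?>> sans =
                    ((X509Certificate) peerChain[0]).getSubjectAlternativeNames();
            if (sans == null) sans = Collections.emptyList();
            for (List<?> san : sans) {
                if (!RFC822_NAME.equals(san.get(0))) continue;
                if (email != null) throw new LoginException("more than one e-mail SAN");
                email = ((String) san.get(1)).toLowerCase(Locale.ROOT);
            }
        } catch (CertificateParsingException e) {
            throw new LoginException("unparseable subjectAltName: " + e.getMessage());
        }
        if (email == null) throw new LoginException("certificate has no e-mail SAN");
        return email;
    }

    // Logs in against the named JAAS entry; the login module is assumed to attach role principals.
    static Subject login(String jaasEntry, Certificate[] peerChain) throws LoginException {
        final String email = emailFrom(peerChain);
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                // Only the identity comes from the certificate; no password is supplied.
                if (!(cb instanceof NameCallback)) throw new UnsupportedCallbackException(cb);
                ((NameCallback) cb).setName(email);
            }
        };
        LoginContext ctx = new LoginContext(jaasEntry, handler);
        ctx.login();
        return ctx.getSubject();
    }
}
```

A request whose message carries no `TLSSessionInfo` (plain HTTP, or TLS without a client certificate) should be rejected by the caller before `login` is reached.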
