Hi all,
The AuthenticationManager.isValid(principal,credential) isn't a good fit for
certificates AFAICS, because you don't know the principal name before you've
authenticated the credential.
I am extending the jetty and tomcat bindings to support certificate
authentication to a JAAS loginmodule, and am having to create a dummy
principal to hack round this.
This works, but getting the principal name out of the httprequest object
returns a dummy name (I'm using cert serial and issuer).
I was wondering:
1) Is there a better way of doing this?
(e.g. should I be using JAAS directly rather than the jboss security
interfaces)
2) Is the AuthenticationManager interface going to change in the near future
to accomodate certs etc..?
Cheers,
Phil
----------------------------------------------------------------------
If you have received this e-mail in error or wish to read our e-mail
disclaimer statement and monitoring policy, please refer to
http://www.drkw.com/disc/email/ or contact the sender.
----------------------------------------------------------------------
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
