Phil,

It has been suggested that Jetty's approach of testing each certificate in turn until one passes is incorrect, as the array of certificates indicates the chain of trust and they all need to be checked to verify authentication.

As we are already passing an object as a credential to the realm, I suggest that we pass the entire array of certificates to the realm for it to check:

    java.security.cert.X509Certificate[] certs =
        (java.security.cert.X509Certificate[])
        request.getAttribute("javax.servlet.request.X509Certificate");
    if (certs==null || certs.length==0 || certs[0]==null)
        return null;

    Principal principal = certs[0].getSubjectDN();
    if (principal==null)
        principal=certs[0].getIssuerDN();

    UserPrincipal user =
        realm.authenticate(principal==null?"clientcert":principal.getName(),
                           certs,request);
    return user;

Would that be an appropriate thing to do?

Note that I agree with Scott that we do not need a mutable Principal returned.

cheers

--
Greg Wilkins<[EMAIL PROTECTED]>          Phone/fax: +44 7092063462
Mort Bay Consulting Australia and UK.    http://www.mortbay.com
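
An added example, not part of the original message and not Jetty or JBoss code: one way a realm could check the whole array as a single chain of trust with the JDK's PKIX validator, instead of accepting the first certificate that passes. The names `ChainCheck` and `chainIsTrusted` are hypothetical; the sketch assumes the array is ordered client certificate first and that no CRL or OCSP source is configured.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.*;

public class ChainCheck {
    /** True only if certs (client certificate first) form a valid PKIX path to one of the anchors. */
    static boolean chainIsTrusted(X509Certificate[] certs, Set<TrustAnchor> anchors)
            throws GeneralSecurityException {
        if (certs == null || certs.length == 0 || anchors.isEmpty()) return false;
        List<X509Certificate> path = new ArrayList<>(Arrays.asList(certs));
        // A CertPath does not include the trust anchor itself, so drop a
        // trailing self-signed root if the client sent one.
        X509Certificate last = path.get(path.size() - 1);
        if (path.size() > 1
                && last.getSubjectX500Principal().equals(last.getIssuerX500Principal()))
            path.remove(path.size() - 1);
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        PKIXParameters params = new PKIXParameters(anchors);
        // Assumption: revocation checking is off because this sketch has no
        // CRL/OCSP source; a deployment would normally enable it.
        params.setRevocationEnabled(false);
        try {
            // Checks every link: signatures, validity dates, CA constraints.
            CertPathValidator.getInstance("PKIX").validate(certPath, params);
            return true;
        } catch (CertPathValidatorException e) {
            return false; // any broken link rejects the whole chain
        }
    }

    // Usage: java ChainCheck trusted-cas.pem client-chain.pem
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Set<TrustAnchor> anchors = new HashSet<>();
        try (InputStream in = new FileInputStream(args[0])) {
            for (Certificate c : cf.generateCertificates(in))
                anchors.add(new TrustAnchor((X509Certificate) c, null));
        }
        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(args[1])) {
            chain = cf.generateCertificates(in).toArray(new X509Certificate[0]);
        }
        System.out.println(chainIsTrusted(chain, anchors) ? "chain trusted" : "chain rejected");
    }
}
```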