|
I don't remeber seeing my reply to this, so maybe a
duplicate.
The principal for the certificate should be passed
in from the layer doing
the validation. Login modules do not define the
caller principal, they validate
them. I need to understand the functions of the
SigVerificationHandler and
SigAuthenticationHandler in the overall context of
a method invocation to
really say how they map to JBossSX and whether
additional security APIs
are needed here.
Adding the xmlsig stuff to thirdparty is
fine.
xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief
Technology Officer
JBoss Group,
LLC
xxxxxxxxxxxxxxxxxxxxxxxx
----- Original Message -----
Sent: Wednesday, November 27, 2002 2:50
PM
Subject: Re: [JBoss-dev] authenticating
using a non-text credential (ObjectCallback)
On Wednesday, November 27, 2002, at 01:01 PM, Scott M Stark
wrote:
I updated the default CallbackHandler
used by the JaasSecurityManager to support ObjectCallbacks
and changed the
SigAuthenticationHandler to use the isValid() method.
Thanks Scott.
The use of null as
the
principal indicates this is
not really an authentication so I need to understand what the context of
the validation is.
Actually the certificate contains the
information about the principal we are authenticating ( the CN portion of
Distinguished Name for instance ).
By the time the
SigAuthenticationHandler sees the certificate, the SigVerificationHandler has
already validated the certificate, and the messages signature. At this point
we are just trying to decide if the certificate should be
trusted.
Maybe it would be better to not assume the certificate has
already been validated?
I haven't committed the SigVerificationHandler
yet because it requires apache's XML-Security library to compile, and I am not
sure if it is o.k. to just go adding things to thirdparty.
If you just want to know if the cert
should be accepted why not use the KeyStore
associated with the
security domain to see if the cert is know to the security domain and
validate
the cert as a
X509Certificate?
Explain
the context some more and if there are cert management functions that should
be
part of the SecurityDomain
interface I'll look into adding them.
The
CertificateLoginModule checks that the certificate exists (and is trusted) in
the keystore. If so it creates a SimplePrincipal (using the certificate's
alias as the name) that will be returned by the getIdentity() method.
This is admittably a bit of a hack to map certificates to users in the
system. I did this rather than using say the CN so that there would be a
little bit of control over the user to whom this Certificate gets mapped. I
could really use any ideas on a better way to accomplish this?
Once
the identity has been divined from the certificate, it's a simple matter for
getRoleSets() to find the roles this user should assume.
Let me
know if my thought process is way off here. If it is, is there a better way to
accomplish what I am
attempting?
thanks
-jason
| 