if you just want to test client authentication, try:
1. create a web app, adding client-auth="true" to the <web-site ...> tag
2. there is a jsp file in \orion\demo\ssl\ssl-user-registration.jsp
have a look at that file, in particular
<% java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate)
request.getAttribute("javax.servlet.request.X509Certificate"); %>
You will need to use UserManager to actually do anything useful.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Paolo Ramasso
> Sent: Monday, July 02, 2001 1:29 AM
> To: Orion-Interest
> Subject: request for info:ssl and client authentication with orion
>
> Hi guys
>
> i need some more info about ssl and oc4j (orion 1.5.0)
> here is the enviroment:
> client authentication by SSL 3 using x501 certificates, the application
> server (oc4j ) must validate and inspect the certificate info and
> extract the
> user information contained in it (....common name ....to use it as a
> lookup
> key in LDAP directory search ).
> here are the question:
> does the oc4j (orion 1.5.0) container provide a toolset or specific APIs
> to validate the client digital certificate against a CA?
> does the oc4j (orion 1.5.0) container provide a toolset or specific APIs
> to extract
> client user information from the digital certificate sent by the
> client?
> thanks a lot in advance
> ciao
> Paolo
