I didn't like this implementation. (Or I haven't understood)
When Tomcat is configured for SSL with client cert authentication required, it
already uses a keystore
(connector tag in server.xml).
This keystore contains only the server certificate.
The client certificates are authenticated against
walkthrough:
I've implemented a subclass of HibernateLoginConfig that always returns true
for validatePassword;
I've implemented a Filter that replaces the request object with a
RequestWrapper that returns
X509Certificate[] certs = (X509Certificate[])
For me it seems like a bug to have the cert and not the principal.
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3874716#3874716
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3874716
Read about the BaseCertLoginModule:
http://www.jboss.org/wiki/Wiki.jsp?page=BaseCertLoginModule
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3874731#3874731
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3874731
But how is the certificate of the client mapped to a user in the Users table?
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3874484#3874484
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3874484
As far as I can see, the default does the following in JBoss/Tomcat integration.
Your client comes in, he has a valid certificate. In the certificate is
enclosed the client DN (distinguished name). The default authentication mechanism
maps this DN to the request.getRemoteUser().
So now during
getRemoteUser() is returning null
request.getAttribute("javax.servlet.request.X509Certificate") is returning all
the client certificates configured in the client.
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3874504#3874504
Reply to the post :
What about getUserPrincipal() and if it is not null
getUserPrincipal().getName() ?
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3874506#3874506
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3874506
It functions and returns the user name.
But I think jboss portal does not use this String to map with a User and
authenticate him.
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3874507#3874507
Reply to the post :
Exactly, I will fix this and use the Principal instead of getRemoteUser() once
the CVS blackout is done. The CVS is being moved to our own hosting and for now
until it is moved we don't commit to it.
View the original post :
Excuse... getUserPrincipal returned null.
it doesn't function
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3874512#3874512
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3874512
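The code that functions is:
// The attribute name is a string key; the container sets it for client-cert connections
X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
// First element is the client's own certificate
X509Certificate cert = certs[0];
cert.getSubjectDN().getName();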
View the original post :
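The lookup posted above assumes the attribute is always present and leaves the DN as one opaque string. As an added example (not code from the thread or from JBoss Portal), here is a null-safe version that also extracts the CN with a real DN parser before any mapping to a portal user; the class name `ClientCertUser`, its method names and the sample DNs are hypothetical and constructed for illustration.

```java
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class ClientCertUser {

    // attr is the value of request.getAttribute("javax.servlet.request.X509Certificate").
    // It is null when the connection carried no client certificate.
    static String subjectDn(Object attr) {
        if (!(attr instanceof X509Certificate[])) return null;
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0) return null;
        // chain[0] is the client's own certificate; later entries are its issuers.
        return chain[0].getSubjectX500Principal().getName(); // RFC 2253 form
    }

    // Parse the DN instead of splitting on ',' so that an escaped comma inside
    // a value is not mistaken for an attribute separator.
    static String commonName(String dn) {
        if (dn == null) return null;
        try {
            LdapName name = new LdapName(dn);
            // LdapName indexes from the right; walk from the leftmost RDN.
            for (int i = name.size() - 1; i >= 0; i--) {
                Rdn rdn = name.getRdn(i);
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return String.valueOf(rdn.getValue()); // unescaped value
                }
            }
        } catch (InvalidNameException e) {
            return null; // malformed DN: treat the request as unauthenticated
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample DNs, not taken from the thread.
        System.out.println(commonName("CN=alice,OU=Portal Users,O=Example"));
        System.out.println(commonName("CN=Smith\\, Bob,OU=Portal Users,O=Example"));
        // No certificate on the request: no user, rather than a NullPointerException.
        System.out.println(subjectDn(null));
    }
}
```

A caller would treat a null result from either method as "no authenticated user" and only look up the Users table when a CN was returned.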
The code to modify if you want to test it is in:
jboss-portal-2.0/core/src/main/org/jboss/portal/core/invocation/UserContextInterceptor.java
It is pretty straightforward to modify.
By the way, what is the version of JBoss you are using? 4.0.2?
View the original post :
As you say if everything was correct getUserPrincipal would return the user.
Maybe I'm not configuring the application correctly.
getUserPrincipal is returning null
and request.getAttribute("javax.servlet.request.X509Certificate") is returning
the user certificates.
Why?
View the original post
I have not tried yet but I don't see any reason why it would not work.
I think that first you must enable client cert in web.xml of
portal-core.sar/portal-server.war/WEB-INF/web.xml
the entry for this scheme is not yet here (we only put form and basic auth) so
you must add it
then to make
If you're trying to use ssl auth, then you need to modify this file:
jboss-portal-2.0\core\src\resources\portal-core-war\WEB-INF\web.xml
Look for this block:
| <param-value>http://localhost:8080/webdav/files</param-value>
| <!-- Comment out for SSL communication between Portal and