>Yes ... the principal name from the first certificate in the chain must
>be a username in your Realm for client-cert authentication to work.
Here is the code I used to check that I am getting the right DN:
(snip...)
// The container exposes the client certificate chain as a request attribute
X509Certificate[] certChain =
    (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
X509Certificate cert = (X509Certificate)certChain[0];
Principal p = cert.getSubjectDN();
(snip...)
out.println("Name of Prinicipal: " + p.getName());
(snip...)
This outputs the following:
Name of Prinicipal: CN=Calvin Hendyrx-Parker, OU=Engineering, O=Epylon, L=San Francisco, ST=California, C=US
Here is what I have in my Oracle table:
USER_NAME
--------------------------------------------------------------------------------
CN=Calvin Hendyrx-Parker, OU=Engineering, O=Epylon, L=San Francisco, ST=California, C=US
PASSWORD
--------------------------------------------------
test
then I have this in my roles table:
USER_NAME
--------------------------------------------------------------------------------
CN=Calvin Hendyrx-Parker, OU=Engineering, O=Epylon, L=San Francisco, ST=California, C=US
ROLE_NAME
--------------------------------------------------
testing
I have the security constraint set for the role testing in my web.xml file.
In the logs I am getting this, which makes me think I am close:
2002-08-25 11:55:05 JDBCRealm[Standalone]: Authenticating client certificate chain
2002-08-25 11:55:05 JDBCRealm[Standalone]: Checking validity for 'CN=Calvin Hendyrx-Parker, OU=Engineering, O=Epylon, L=San Francisco, ST=California, C=US'
2002-08-25 11:55:05 JDBCRealm[Standalone]: Checking validity for '[EMAIL PROTECTED], CN=EpylonCA, OU=Engineering, O=Epylon, L=San Francisco, ST=California, C=US'
But I still get a 401 error and it doesn't give me the message that that
primary is in a certain role. What am I still missing?
Thanks,
Calvin
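
An added example, not part of the original message and not Tomcat's code: a stand-alone check of whether a stored USER_NAME value and the subject DN string from the certificate are the same text (what a string lookup on the username needs) or only the same X.500 name written differently. The class, enum and method names are hypothetical; the certificate DN is the one printed in the message, and the stored values are constructed samples.

```java
import javax.security.auth.x500.X500Principal;

// Hypothetical helper, not Tomcat code: compares the DN string taken from a
// client certificate with the USER_NAME value stored for the realm.
public class DnUsernameCheck {

    enum Match { EXACT, SAME_NAME_DIFFERENT_TEXT, DIFFERENT, UNPARSEABLE }

    // The canonical form lower-cases values and normalises separators and spacing.
    static String canonical(String dn) {
        return new X500Principal(dn).getName(X500Principal.CANONICAL);
    }

    static Match compare(String certDn, String storedUserName) {
        if (certDn.equals(storedUserName)) {
            return Match.EXACT;            // a string lookup on USER_NAME finds this row
        }
        try {
            return canonical(certDn).equals(canonical(storedUserName))
                    ? Match.SAME_NAME_DIFFERENT_TEXT  // same DN, but a string lookup misses it
                    : Match.DIFFERENT;
        } catch (IllegalArgumentException e) {
            return Match.UNPARSEABLE;      // one side is not a valid DN string
        }
    }

    public static void main(String[] args) {
        // DN as printed in the message above.
        String certDn = "CN=Calvin Hendyrx-Parker, OU=Engineering, O=Epylon, "
                + "L=San Francisco, ST=California, C=US";
        // Constructed sample rows: identical text, spacing removed after the
        // commas, a different user, and a value that is not a DN at all.
        String[] stored = {
            certDn,
            "CN=Calvin Hendyrx-Parker,OU=Engineering,O=Epylon,L=San Francisco,ST=California,C=US",
            "CN=Someone Else, OU=Engineering, O=Epylon, L=San Francisco, ST=California, C=US",
            "not a distinguished name"
        };
        for (String s : stored) {
            System.out.println(compare(certDn, s) + "  <-  " + s);
        }
    }
}
```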