[
https://issues.apache.org/jira/browse/SHIRO-24?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13490564#comment-13490564
]
Jan Stamer commented on SHIRO-24:
---------------------------------
We use x509 along with other realms. So basically we extract the username from
the certificate and then get the roles of the user from a JDBC realm. This is
similar to what Spring Security provides. You can find the code at our Github
repository https://github.com/PE-INTERNATIONAL/shiro-x509.
> X509 Client certificate authentication
> --------------------------------------
>
> Key: SHIRO-24
> URL: https://issues.apache.org/jira/browse/SHIRO-24
> Project: Shiro
> Issue Type: New Feature
> Reporter: Alan Cabrera
> Attachments: shiro-x509-20100524.diff
>
>
> Add support for X509 Authentication. Perhaps should not be complicated when
> we see how Acegi source code achieve this
> (http://www.acegisecurity.org/guide/springsecurity.html#x509) ?
> Notice that the X509Auth is basically a validation of the client certificate.
> Because if we reach this point, it means that the application server has
> successfully trusted the client certificate against its trust store.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
