https://issues.apache.org/bugzilla/show_bug.cgi?id=52500
--- Comment #24 from Christopher Schultz <ch...@christopherschultz.net> 2012-02-14 17:49:48 UTC --- Michael, > >I'm not sure why either of these are necessary. > >I think that UserNameRetriever (maybe a better name > >would be X509UserNameRetriever now that I think about it) > >interface, the SubjectDNRetriever, and minimal changes to RealmBase. > > I am confused. According to my understanding, we want to provide the ability > to > use a user provided X509UserNameRetriever. > > The purpose of UserNameRetrieverDecorator is to return the user name by the > default X509UserNameRetriever if the X509UserNameRetriever provided by a user > will return the empty user name. I think that any X509UserNameRetriever should be required to provide something that is non-null. There's no reason for "client code" not to extend SubjectDNRetriever and simply delegate to the superclass if the name isn't otherwise found. I don't think it's necessary to provide that fallback logic in Tomcat itself: it the user is going to provide an implementation of an X509UserNameRetriever, then it should be *the* implementation that is used, not one of several that Tomcat has to manage. > Regarding UserNameRetrieverConfiguration – it allow easy configuration of a > user provided X509UserNameRetriever. I think all we need is a single method in the RealmBase class that can accept the name of the class. The default is SubjectDNRetriever, but the user can set it to whatever they want. > I think it is very useful if you create your own X509UserNameRetriever. I'm not sure what it adds. > >Basically, no documentation should be required > >that isn't part of your patch. > > So, I will not provide the client certificate description. Correct? > Waiting for your comments. You don't have to introduce the concept of client certificates, no. I think it's obvious to anyone who is reading this type of documentation what is going on: you are making it possible to customize the information used from the client certificate to produce a username that Tomcat uses. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
