Thanks for the reply.
I have few comments on your reply.
Usually the certificate received at the server side has atleast 2
certificates - one is a public key of the client and the rest are "n"
trusted entries (in my case it is 1).
As you have mentioned about the getRequest() method, where do you access it
in a resource or in a application class? I am intercepting the requests in
an application class (which extends from JaxRsApplication), whereby I am
overriding the handle(req,res) method and and getting the desired
attributes, is the following were you referring to?:
public class MyJaxRsApplication extends JaxRsApplication{
@Override
public void handle(Request request, Response response) {
Map<String, Object> map = request.getAttributes();
@SuppressWarnings("unchecked")
List<X509Certificate> lst = (List<X509Certificate>)
map.get("org.restlet.https.clientCertificates");
//however the first item in the above list is the user's public key
//here, delegation to the authorization PEP, PAP and PIP will be made
}
..
}
Many thanks
Daku
--
View this message in context:
http://restlet-discuss.1400322.n2.nabble.com/fine-grained-authorization-based-on-DN-X-509-tp6444949p6448938.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2759531
