Dear Developers,
I'm trying to make the FTPS authentication work without requiring a
password from the FTP clients. I was hoping to get the authentication
done with just user name and a client certificate. I thought may be I
could intercept the "before USER" command in an Ftplet, check the user
name, and the certificate, and if the certificate belongs to the user
(based on our internal database), update the FtpSession to set "login
completed".
So, I tried to use
FtpSession.setAttribute("org.apache.ftpserver.user", "MyUser").
The above call fails with IllegalArgumentException from
DefaultFtpSession.setAttribute(String, Object) method. It basically
does not allow manipulating the internal session attributes.
So, is there another way to accomplish what I need. In essence, the
FTP clients would connect (with a client certificate), and send the
USER command. They will never send the PASS command. As soon as I
receive the USER command, I should be able to determine if the user
should be considered logged in based on their user name and
certificate.
I appreciate any help you could provide on this.
Regards,
Sai Pullabhotla
