Hi

My suggestion would be to let the client execute the PASS command with
any password (blank, fixed, random). Then, implement UserManager and
perform the certificate check in the authenticate() method. The
certificate chain is included in the UsernamePasswordAuthentication
object.

We actually supported this out of the box with FtpServer at one time,
but decided to remove it due to lack of a spec.

/niklas

On Tue, Apr 5, 2011 at 11:27 PM, Sai Pullabhotla
<[email protected]> wrote:
> Dear Developers,
>
> I'm trying to make the FTPS authentication work without requiring a
> password from the FTP clients. I was hoping to get the authentication
> done with just user name and a client certificate. I thought maybe I
> could intercept the "before USER" command in an Ftplet, check the user
> name, and the certificate, and if the certificate belongs to the user
> (based on our internal database), update the FtpSession to set "login
> completed".
>
> So, I tried to use
> FtpSession.setAttribute("org.apache.ftpserver.user", "MyUser").
>
> The above call fails with IllegalArgumentException from
> DefaultFtpSession.setAttribute(String, Object) method. It basically
> does not allow manipulating the internal session attributes.
>
> So, is there another way to accomplish what I need? In essence, the
> FTP clients would connect (with a client certificate), and send the
> USER command. They will never send the PASS command. As soon as I
> receive the USER command, I should be able to determine if the user
> should be considered logged in based on their user name and
> certificate.
>
> I appreciate any help you could provide on this.
>
> Regards,
> Sai Pullabhotla
>
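
A sketch of the approach suggested in the reply, as an added example that is not part of the original thread and is not FtpServer's own code: a `UserManager` that ignores the PASS value and authenticates on the client certificate carried in the `UsernamePasswordAuthentication` object. The class name `CertUserManager` and the `pinned` map (standing in for the internal user database) are hypothetical, and it assumes the listener is configured to require TLS client authentication so the chain has already been validated against the truststore.

```java
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Map;
import org.apache.ftpserver.ftplet.*;
import org.apache.ftpserver.usermanager.UsernamePasswordAuthentication;
import org.apache.ftpserver.usermanager.impl.UserMetadata;

// Added example (hypothetical class): the PASS value is never inspected.
public class CertUserManager implements UserManager {
    private final UserManager delegate;        // existing store: home dirs, permissions
    private final Map<String, byte[]> pinned;  // assumption: user name -> SHA-256 of the user's DER certificate
    public CertUserManager(UserManager d, Map<String, byte[]> p) { this.delegate = d; this.pinned = p; }

    @Override
    public User authenticate(Authentication auth) throws AuthenticationFailedException {
        if (!(auth instanceof UsernamePasswordAuthentication)) throw new AuthenticationFailedException("Unsupported authentication type");
        UsernamePasswordAuthentication upa = (UsernamePasswordAuthentication) auth;
        UserMetadata meta = upa.getUserMetadata();
        Certificate[] chain = (meta == null) ? null : meta.getCertificateChain();
        String name = upa.getUsername();
        byte[] expected = (name == null) ? null : pinned.get(name);
        // Fail closed: plain FTP session, no client certificate, or no pin on record.
        if (chain == null || chain.length == 0 || expected == null) {
            throw new AuthenticationFailedException("Client certificate required");
        }
        User user;
        try {
            // chain[0] is the client's own (leaf) certificate; compare in constant time.
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
            user = MessageDigest.isEqual(expected, actual) ? delegate.getUserByName(name) : null;
        } catch (Exception e) {  // encoding, digest or user-store failure
            throw new AuthenticationFailedException("Certificate check failed", e);
        }
        if (user == null || !user.getEnabled()) {
            throw new AuthenticationFailedException("Certificate does not match an enabled user");
        }
        return user;
    }

    // Everything other than authentication is delegated to the wrapped manager.
    @Override public User getUserByName(String n) throws FtpException { return delegate.getUserByName(n); }
    @Override public String[] getAllUserNames() throws FtpException { return delegate.getAllUserNames(); }
    @Override public void delete(String n) throws FtpException { delegate.delete(n); }
    @Override public void save(User u) throws FtpException { delegate.save(u); }
    @Override public boolean doesExist(String n) throws FtpException { return delegate.doesExist(n); }
    @Override public String getAdminName() throws FtpException { return delegate.getAdminName(); }
    @Override public boolean isAdmin(String n) throws FtpException { return delegate.isAdmin(n); }
}
```

Because the password no longer contributes anything, the certificate pin is the only credential: a session without a client certificate must be rejected rather than falling back to the delegate's password check.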
