Re: JDBCRealm CLIENT-CERT Authentication
Hi, i use already the client-cert method and a suitable security-role. May i made a mistake during build? How can be ensured that tomcat make use of the new authenticate method? thanks Patrick jazorin wrote: Hi. You need to add to the web.xml file the following lines: CLIENT-CERT When you try to connect to the protected resource, the navigator will request a client certificate. Regards. -- Hi, i tried the following: + Add the mehtod authenticate(...) to the File JDBCRealm.java + build a Tomcat distribution + replace the catalina.jar with the new version (on an other machine) + add full DN to the web.xml + insert into table users ('DN','DN') + insert into table user_roles ('DN','DN') Then i try to connect with a browser to the protected ressource and the browser requests login and password. Any suggestions? thanks Patrick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm CLIENT-CERT Authentication
Hi. You need to add to the web.xml file the following lines: CLIENT-CERT When you try to connect to the protected resource, the navigator will request a client certificate. Regards. -- Hi, i tried the following: + Add the mehtod authenticate(...) to the File JDBCRealm.java + build a Tomcat distribution + replace the catalina.jar with the new version (on an other machine) + add full DN to the web.xml + insert into table users ('DN','DN') + insert into table user_roles ('DN','DN') Then i try to connect with a browser to the protected ressource and the browser requests login and password. Any suggestions? thanks Patrick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm CLIENT-CERT Authentication
Hi, i tried the following: + Add the mehtod authenticate(...) to the File JDBCRealm.java + build a Tomcat distribution + replace the catalina.jar with the new version (on an other machine) + add full DN to the web.xml + insert into table users ('DN','DN') + insert into table user_roles ('DN','DN') Then i try to connect with a browser to the protected ressource and the browser requests login and password. Any suggestions? thanks Patrick jazorin wrote: Hi. You can to implement a JDBCRealm with client certificates modifying the org.apache.catalina.realm.JDBCRealm class. You need add the public Principal authenticate(X509Certificate[] cert) method. Inside, you have to include the following lines: import java.security.cert.X509Certificate; Connection dbConnection = null; try { // Obtain DN from client certificate. String dn = cert[0].getSubjectDN().getName(); // Ensure that we have an open database connection dbConnection = open(); // Acquire a Principal object for this user Principal principal = authenticate(dbConnection, dn, dn); // Release the database connection we just used release(dbConnection); // Return the Principal (if any) return (principal); } catch (SQLException e) { // Log the problem for posterity log(sm.getString("jdbcRealm.exception"), e); // Close the connection so that it gets reopened next time if (dbConnection != null) close(dbConnection); // Return "not authenticated" for this request return (null); } In authenticate(dbConnection,dn,dn); -> first dn = name of user (login) and second dn = credentials. These credentials can to be the OU of the certificate, etc. With the previous example you have to put in of web.xml the full DN, and you need to create a user in BD with username = DN full and credentials = DN full. Luck!! - At 16:44 13/03/2003 +0100, you wrote: Hello, is it correct that only Memory- and JNDIRealm can perform the mapping between the DN included in a certificate and a users role? Because of the lack of dynamic changes in MemoryRealm, i want to replace it with a JDBCRealm. Is there any information available how to implement a JDBCRealm that authenticates users by CLIENT-CERT. thanks in advance Patrick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm CLIENT-CERT Authentication
Hi. You can to implement a JDBCRealm with client certificates modifying the org.apache.catalina.realm.JDBCRealm class. You need add the public Principal authenticate(X509Certificate[] cert) method. Inside, you have to include the following lines: import java.security.cert.X509Certificate; Connection dbConnection = null; try { // Obtain DN from client certificate. String dn = cert[0].getSubjectDN().getName(); // Ensure that we have an open database connection dbConnection = open(); // Acquire a Principal object for this user Principal principal = authenticate(dbConnection, dn, dn); // Release the database connection we just used release(dbConnection); // Return the Principal (if any) return (principal); } catch (SQLException e) { // Log the problem for posterity log(sm.getString("jdbcRealm.exception"), e); // Close the connection so that it gets reopened next time if (dbConnection != null) close(dbConnection); // Return "not authenticated" for this request return (null); } In authenticate(dbConnection,dn,dn); -> first dn = name of user (login) and second dn = credentials. These credentials can to be the OU of the certificate, etc. With the previous example you have to put in of web.xml the full DN, and you need to create a user in BD with username = DN full and credentials = DN full. Luck!! - At 16:44 13/03/2003 +0100, you wrote: Hello, is it correct that only Memory- and JNDIRealm can perform the mapping between the DN included in a certificate and a users role? Because of the lack of dynamic changes in MemoryRealm, i want to replace it with a JDBCRealm. Is there any information available how to implement a JDBCRealm that authenticates users by CLIENT-CERT. thanks in advance Patrick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JDBCRealm CLIENT-CERT Authentication
Hello, is it correct that only Memory- and JNDIRealm can perform the mapping between the DN included in a certificate and a users role? Because of the lack of dynamic changes in MemoryRealm, i want to replace it with a JDBCRealm. Is there any information available how to implement a JDBCRealm that authenticates users by CLIENT-CERT. thanks in advance Patrick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]