Re: JDBCRealm CLIENT-CERT Authentication

2003-03-17 Thread jazorin
Hi.

You need to add to the web.xml file the following lines:

  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>

When you try to connect to the protected resource, the navigator will 
request a client certificate.

Regards.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: JDBCRealm CLIENT-CERT Authentication

2003-03-17 Thread Patrick Flohr
Hi,

I already use the client-cert method and a suitable security-role.
Maybe I made a mistake during the build?
How can it be ensured that Tomcat makes use of the new authenticate method?
Thanks

Patrick



Re: JDBCRealm CLIENT-CERT Authentication

2003-03-14 Thread Patrick Flohr
Hi,

I tried the following:
+ Add the method authenticate(...) to the file JDBCRealm.java
+ build a Tomcat distribution
+ replace the catalina.jar with the new version (on another machine)
+ add <role-name>full DN</role-name> to the web.xml
+ insert into table users ('DN','DN')
+ insert into table user_roles ('DN','DN')

Then I try to connect with a browser to the protected resource and the 
browser requests login and password.

Any suggestions?

thanks

Patrick





JDBCRealm CLIENT-CERT Authentication

2003-03-13 Thread Patrick Flohr
Hello,

Is it correct that only Memory- and JNDIRealm can perform the mapping
between the DN included in a certificate and a user's role?
Because of the lack of dynamic changes in MemoryRealm, I want to replace
it with a JDBCRealm. Is there any information available on how to implement
a JDBCRealm that authenticates users by CLIENT-CERT?
Thanks in advance

Patrick





Re: JDBCRealm CLIENT-CERT Authentication

2003-03-13 Thread jazorin
Hi.

You can implement a JDBCRealm with client certificates by modifying the 
org.apache.catalina.realm.JDBCRealm class. You need to add the public 
Principal authenticate(X509Certificate[] cert) method. Inside, you have 
to include the following lines:

    // Goes with the other imports at the top of JDBCRealm.java
    import java.security.cert.X509Certificate;

    // Body of authenticate(X509Certificate[] cert)
    Connection dbConnection = null;

    // No client certificate was presented: not authenticated
    if (cert == null || cert.length == 0)
        return (null);

    try {

        // Obtain DN from client certificate.
        String dn = cert[0].getSubjectDN().getName();

        // Ensure that we have an open database connection
        dbConnection = open();

        // Acquire a Principal object for this user
        // (the DN is passed as both the username and the credentials)
        Principal principal = authenticate(dbConnection, dn, dn);

        // Release the database connection we just used
        release(dbConnection);

        // Return the Principal (if any)
        return (principal);

    } catch (SQLException e) {

        // Log the problem for posterity
        log(sm.getString("jdbcRealm.exception"), e);

        // Close the connection so that it gets reopened next time
        if (dbConnection != null)
            close(dbConnection);

        // Return not authenticated for this request
        return (null);

    }

In authenticate(dbConnection,dn,dn); - first dn = name of user (login) 
and second dn = credentials. These credentials can be the OU of the 
certificate, etc.

With the previous example you have to put the full DN in role-name of 
web.xml, and you need to create a user in the DB with username = full DN 
and credentials = full DN.

Luck!!
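
The DN-to-role lookup discussed in this thread, written as stand-alone Java; this is an added example, not part of the original posts and not Tomcat code. The class name CertRoleLookup and the user_roles(user_name, role_name) column names are assumptions. It assumes the container has already completed TLS client authentication, checks the certificate's validity period, and uses the DN only as a lookup key instead of also storing it as the credentials.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/** Added example: maps a client certificate's subject DN to roles via JDBC. */
public final class CertRoleLookup {
    // Assumed schema: user_roles(user_name, role_name); column names are hypothetical.
    private static final String ROLES_SQL =
        "SELECT role_name FROM user_roles WHERE user_name = ?";

    /** Returns the DN used as the lookup key, or null if the chain is unusable. */
    static String subjectKey(X509Certificate[] chain) {
        if (chain == null || chain.length == 0 || chain[0] == null) {
            return null;                   // no client certificate presented
        }
        try {
            chain[0].checkValidity();      // reject expired / not-yet-valid certs
        } catch (CertificateException e) {
            return null;
        }
        // getSubjectDN() returns a provider-specific Principal; RFC 2253 is a defined format.
        return chain[0].getSubjectX500Principal().getName(X500Principal.RFC2253);
    }

    /** Returns the roles for the certificate's DN; an empty list means not authenticated. */
    static List<String> rolesFor(Connection db, X509Certificate[] chain)
            throws SQLException {
        List<String> roles = new ArrayList<>();
        String dn = subjectKey(chain);
        if (dn == null) return roles;
        // Assumption: the TLS handshake already proved possession of the private key,
        // so the DN is only a lookup key here; nothing is compared as a password.
        try (PreparedStatement ps = db.prepareStatement(ROLES_SQL)) {
            ps.setString(1, dn);           // bound parameter, never string concatenation
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    roles.add(rs.getString(1));
                }
            }
        }
        return roles;
    }
}
```

The DN stored in the table has to be in the same RFC 2253 string form that subjectKey returns, otherwise the lookup finds no rows.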
