Last I heard the guy wanted to donate it, but MIT's lawyers got in the way. There was interest from another school for this too. I can ping the author to see if he had any luck and is still interested.
Paul, post the jira when you get time to submit it, and I will pass it along.

On Wed, May 5, 2010 at 6:01 PM, Les Hazlewood <[email protected]> wrote:

> I totally agree - it'd be great to see what that Realm did and see if
> there is synergy with Paul's work. Brian, do you know if that Realm
> could be donated to the project? Is it available online somewhere
> (e.g. under the MIT license?).
>
> - Les
>
> On Wed, May 5, 2010 at 7:12 AM, Brian Demers <[email protected]> wrote:
> > I know of another JSecurity X509 Realm, although the implementation
> > was specific to MIT's single sign on server. So I think extracting any
> > common pieces would be great, even if it ends up in its own module,
> > i.e. shiro-x509
> >
> > On Wed, May 5, 2010 at 6:04 AM, Paul Merlin <[email protected]> wrote:
> >
> >> Hi,
> >>
> >> For my own needs I wrote support of X509Certificate mutual
> >> authentication for shiro and I will contribute it back.
> >>
> >> I implemented several CredentialMatchers:
> >> - DN matching (but I think this is the poor man's mutual
> >>   authentication as it opens security vulnerabilities)
> >> - certificate fingerprint matching (more robust IMHO)
> >> - full PKIX path validation using a trusted certificates collection
> >>   provided by the underlying realm (really nice if you have several
> >>   authorities and a complex security model)
> >>
> >> All these are working fine.
> >>
> >> Obviously some code in my current implementation is a bit specific
> >> but I think that with some more work it will be usable as a generic
> >> implementation.
> >>
> >> All this needs several classes, so I think about extracting the code
> >> from my project, packaging it as a standalone project depending on
> >> shiro so that it's easily testable without applying a complex patch.
> >> Les, do you have any suggestions about this?
> >>
> >> Cheers
> >>
> >> /Paul
