[ 
https://issues.apache.org/jira/browse/SHIRO-24?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12870638#action_12870638
 ] 

Paul Merlin commented on SHIRO-24:
----------------------------------

You'll find attached a svn diff with X509 support added to shiro-web.
It has been generated using plain "svn diff"; if another format is more 
convenient, feel free to ask me.

I implemented three CredentialMatching strategies:
- Simple
- Fingerprint
- PKIX Path

The Simple credential matching strategy allows you to match on Issuer and/or 
Subject name using regexes while choosing which DN format you want the match 
to occur on (canonical, rfc1779 or rfc2253).

The Fingerprint strategy performs SHA-1 certificate matching.

The PKIX Path strategy performs a full custom PKIX path validation and can be 
useful in a scenario with a complex security model.

Base Realm implementations to support the three strategies are included.

This submission is here mainly to get some first feedback from the community. 
There is no javadoc for now, but a unit test demonstrates the three strategies 
with naïve scenarios.

WDYT?

/Paul
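
The Simple and Fingerprint strategies described in the comment above, as an added example that is not part of the original comment or the attached patch. The class and method names are hypothetical and are not Shiro's API; the subject DN and the certificate bytes are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

// Added illustration; hypothetical names, not taken from the SHIRO-24 patch.
public class X509MatchingSketch {

    // "Simple" strategy: render the DN in one chosen format, then require the
    // regex to cover the whole string (matches(), not find()), so a pattern
    // cannot be satisfied by a fragment embedded in a longer DN.
    static boolean dnMatches(X500Principal dn, String format, Pattern regex) {
        return regex.matcher(dn.getName(format)).matches();
    }

    // "Fingerprint" strategy: SHA-1 over the certificate's DER encoding
    // (what X509Certificate.getEncoded() returns), compared in constant time.
    static boolean fingerprintMatches(byte[] der, byte[] expectedSha1)
            throws NoSuchAlgorithmException {
        byte[] actual = MessageDigest.getInstance("SHA-1").digest(der);
        return MessageDigest.isEqual(actual, expectedSha1);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample subject DN.
        X500Principal subject =
            new X500Principal("CN=Alice Example, OU=Ops, O=Example Corp, C=US");
        // A pattern written against the RFC 2253 rendering of that DN.
        Pattern rule = Pattern.compile("CN=[^,]+,OU=Ops,O=Example Corp,C=US");
        String[] formats = {
            X500Principal.CANONICAL, X500Principal.RFC1779, X500Principal.RFC2253
        };
        // The same DN renders differently per format (case, spacing), so a
        // rule must be written for the format it will be evaluated against.
        for (String f : formats) {
            System.out.println(f + " -> " + subject.getName(f)
                + " | matches=" + dnMatches(subject, f, rule));
        }

        // Constructed stand-in bytes; real input is a certificate's DER encoding.
        byte[] der = "constructed-sample-der".getBytes(StandardCharsets.US_ASCII);
        byte[] other = "constructed-other-der".getBytes(StandardCharsets.US_ASCII);
        byte[] pinned = MessageDigest.getInstance("SHA-1").digest(der);
        System.out.println("same cert:  " + fingerprintMatches(der, pinned));
        System.out.println("other cert: " + fingerprintMatches(other, pinned));
    }
}
```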


> X509 Client certificate authentication
> --------------------------------------
>
>                 Key: SHIRO-24
>                 URL: https://issues.apache.org/jira/browse/SHIRO-24
>             Project: Shiro
>          Issue Type: New Feature
>            Reporter: Alan Cabrera
>
> Add support for X509 Authentication. Perhaps it should not be complicated when 
> we see how the Acegi source code achieves this 
> (http://www.acegisecurity.org/guide/springsecurity.html#x509)? 
> Notice that the X509Auth is basically a validation of the client certificate. 
> Because if we reach this point, it means that the application server has 
> successfully trusted the client certificate against its trust store. 

-- 
This message is automatically generated by JIRA.