I would like to use the shiro.ini configuration to secure Web apps using SSL authentication. I have successfully implemented the Web App Tutorial. Now my next step is to try authentication using SSL with an x509 certificate and I am having difficulty determining the steps that must be done.
I have successfully placed /account/** = ssl in the shiro.ini in place of /account/** = authc, roles[admin] but I'm not sure what else I need to do to associate with a user in the shiro.ini to get RBAC as with the form based (username/password) authentication of the tutorial. I have noticed Shiro Issue SHIRO-24 is titled "Add support for X509 Authentication" and am wondering if this is what would be helpful for my situation. I am assuming that I could implement/extend some of the Shiro API to do what I need to lacking that support. I also found the following which looks to be along the lines of what I need, but I'm not sure. https://github.com/eskatos/shiro-ext/tree/master/x509/core/src/main/java/org/apache/shiro/authc/x509 Any help would be appreciated. Thanks. -- View this message in context: http://shiro-user.582556.n2.nabble.com/x509-authentication-tp7580976.html Sent from the Shiro User mailing list archive at Nabble.com.
