Hi, Mr. Thomas,

I know you are doing this. On January 20, 2006, under http://issues.apache.org/bugzilla/show_bug.cgi?id=7831, you mentioned:

> I'm happy to look at adding CLIENT-CERT support to the JNDI realm
> based on your (Mario Ivankovits) proposal. If I put together a patch are
> you willing to test it?

When we use client-cert, we might not be using SSL at all, since we don't ask for confidential transfer. Ralf Hauser reported the bug: http://issues.apache.org/bugzilla/show_bug.cgi?id=34643

He mentioned this:

> A web application may well have a mixed user community,
> some authenticate by means of a password or other authenticators,
> others have a certificate for authentication.

I have the same opinion. That's why I suggest using a UserContext for each web-app. A UserContext can contain several realms, since a realm only handles one database or directory service. For any kind of user, with a certificate or username/password, a web-app dependent UserContext can always do the authentication.

For a specific web-app, all its users' certificates might be in a special place, so some attributes of the SSL connector should be attributes of UserContext.

The realms in the o.a.c.realm package mixed up authentication & authorization. I suggest separating them. Authentication belongs to UserContext.

I hope my information can be a little bit helpful to you.