users@glassfish.java.net

Re: Custom CertificateRealm for GlassFish

From: Harsha R A <Harsha.Ra_at_Sun.COM>
Date: Wed, 11 Jul 2007 17:26:13 +0530

>
> The problem is when I login into my application with the certificate, I
> get in the logs the follow line:
>
> SEC1050: Certificate authentication requires certificate realm. Check
> server configuration.
This is coming from the check as seen in

http://fisheye5.cenqua.com/browse/glassfish/appserv-core/src/java/com/sun/enterprise/security/auth/LoginContextDriver.java?r=MAIN#l576

i.e. since your class is not extending from CertificateRealm, you get
this warning. CertificateRealm is a final class so I think what you are
trying to do is not possible to achieve currently. I will investigate
further on this.

See also
http://forums.java.net/jive/thread.jspa?messageID=151104&tstart=0#151104

Thanks
Harsha

glassfish_at_javadesktop.org wrote:
> Hi,
>
> I'm developing a j2ee5 application for glassfish with client certificate
> autentication. I have installed correctly the certificates in the
> cacerts.jks, and configured the http-listener.
>
> I need to assign groups to users extracting a substring of the DN of the
> client certificate.
>
> I'trying to do this, creating a custom certificateRealm. I get the sources
> of CertificateRealm, then rename to MyCertificateRealm, modify the
> authenticate() and getGroupNames() to do the job. I compile the class, put
> the jar in glassfish/lib. In the admin tool, change the class of the
> certificate Realm to MyCertificateRealm.
>
> Then, when I start GlassFish, my certificate realm class is initialized ok
> (i put log in the init of my class).
>
> The problem is when I login into my application with the certificate, I
> get in the logs the follow line:
>
> SEC1050: Certificate authentication requires certificate realm. Check
> server configuration.
>
> Then the application seems to login with the standard CertificateRealm,
> and I can't do the custom grups assignments.
>
> Seems like GlassFish don't like my custom CertificateRealm. Where is the
> problem ? I'ts posible to solve my problem by this way ?
>
>
> Fran.
> [Message sent by forum member 'cpdprogramacion' (cpdprogramacion)]
>
> http://forums.java.net/jive/thread.jspa?messageID=225917
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.