users@glassfish.java.net

Dynamic certificate realm

From: <glassfish_at_javadesktop.org>
Date: Tue, 17 Mar 2009 04:07:18 PDT

Hello.

We are currently implementing web services in GlassFish 2.1 and these are secured by requiring a client certificate. This all works well using the @RolesAllowed annotation in the web service and defining the DN of the certificates in the <security-role-mapping> element of the sun-application.xml file.

This is, however, beginning to cause us some problems:
- We need to change this file between development and deployment in order to allow development certificates for testing our code and client certificates in the production environment.
- Our users (and therefore certificates) are constantly changing; each time this happens we need to change sun-application.xml.

It would therefore be desirable to define some way for the application to dynamically query the roles that the DN from the certificate will map to, perhaps from a database or LDAP. Does anyone know if something like this would be possible?

Thank You.
[Message sent by forum member 'kcochrane' (kcochrane)]

http://forums.java.net/jive/thread.jspa?messageID=337391