users@glassfish.java.net

Re: how we can determine groups and role mapping when we are using Client-Cert?

From: Sarah kho <sarah.kho_at_gmail.com>
Date: Sat, 1 Aug 2009 03:11:18 +0430

Thank you for reply.
Assume that I have an application which multiple roles are required to be
defined. some URLs are available for role1 and some for role2.
I also need client-cert authentication in place. is it posible to have
authorization and use client-cert authentication method?
Thanks.
I am looking to know how we can use client-cert authentication method for
authorization purposes. assume I have some urls only available for managers
and not for employees.

On Fri, Jul 31, 2009 at 4:15 AM, Martin Gainty <mgainty_at_hotmail.com> wrote:

> ./config/domain.xml jacc-provider group-node contains no group attribute
> or group node
>
> keytool contains no group attribute
>
> could you describe what group would be used for?
>
> Martin Gainty
> ______________________________________________
> Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
>
> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene
> Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte
> Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht
> dient lediglich dem Austausch von Informationen und entfaltet keine
> rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von
> E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
>
> Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
>
>
>
>
>
>
> ------------------------------
> Date: Fri, 31 Jul 2009 03:38:45 +0430
> From: sarah.kho_at_gmail.com
> To: users_at_glassfish.dev.java.net
> Subject: Re: how we can determine groups and role mapping when we are using
> Client-Cert?
>
> Hi,
> Any comment is welcome.
> I am just looking to know how we can determine the group information when
> we use client-cert for authentication in a web application.
> Thanks.
>
> On Thu, Jul 30, 2009 at 3:09 PM, Sarah kho <sarah.kho_at_gmail.com> wrote:
>
> Hi,
> When we use Client-cert authentication clients should provide digital
> certificates verifyable by server to be able to connect to the server.
> I am wondering how we can determine roles and groups when we use
> client-cert type.
> does clients digital certificates has some attribute showing which groups
> they belong?
> Thanks
>
>
>
> ------------------------------
> Windows Live™ Hotmail®: Search, add, and share the web’s latest sports
> videos. Check it out.<http://www.windowslive.com/Online/Hotmail/Campaign/QuickAdd?ocid=TXT_TAGLM_WL_QA_HM_sports_videos_072009&cat=sports>
>