Re: how we can determine groups and role mapping when we are using Client-Cert?

From: Sarah kho <sarah.kho_at_gmail.com>
Date: Sat, 1 Aug 2009 03:11:18 +0430

Thank you for reply.
Assume that I have an application which multiple roles are required to be
defined. some URLs are available for role1 and some for role2.
I also need client-cert authentication in place. is it posible to have
authorization and use client-cert authentication method?
Thanks.
I am looking to know how we can use client-cert authentication method for
authorization purposes. assume I have some urls only available for managers
and not for employees.

On Fri, Jul 31, 2009 at 4:15 AM, Martin Gainty <mgainty_at_hotmail.com> wrote:

> ./config/domain.xml jacc-provider group-node contains no group attribute
> or group node
>
> keytool contains no group attribute
>
> could you describe what group would be used for?
>
> Martin Gainty
> ______________________________________________
> Verzicht und Vertraulichkeitanmerkung/Note de d�ni et de confidentialit�
>
> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene
> Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte
> Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht
> dient lediglich dem Austausch von Informationen und entfaltet keine
> rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von
> E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
>
> Ce message est confidentiel et peut �tre privil�gi�. Si vous n'�tes pas le destinataire pr�vu, nous te demandons avec bont� que pour satisfaire informez l'exp�diteur. N'importe quelle diffusion non autoris�e ou la copie de ceci est interdite. Ce message sert � l'information seulement et n'aura pas n'importe quel effet l�galement obligatoire. �tant donn� que les email peuvent facilement �tre sujets � la manipulation, nous ne pouvons accepter aucune responsabilit� pour le contenu fourni.
>
>
>
>
>
>
> ------------------------------
> Date: Fri, 31 Jul 2009 03:38:45 +0430
> From: sarah.kho_at_gmail.com
> To: users_at_glassfish.dev.java.net
> Subject: Re: how we can determine groups and role mapping when we are using
> Client-Cert?
>
> Hi,
> Any comment is welcome.
> I am just looking to know how we can determine the group information when
> we use client-cert for authentication in a web application.
> Thanks.
>
> On Thu, Jul 30, 2009 at 3:09 PM, Sarah kho <sarah.kho_at_gmail.com> wrote:
>
> Hi,
> When we use Client-cert authentication clients should provide digital
> certificates verifyable by server to be able to connect to the server.
> I am wondering how we can determine roles and groups when we use
> client-cert type.
> does clients digital certificates has some attribute showing which groups
> they belong?
> Thanks
>
>
>
> ------------------------------
> Windows Live� Hotmail�: Search, add, and share the web�s latest sports
> videos. Check it out.<http://www.windowslive.com/Online/Hotmail/Campaign/QuickAdd?ocid=TXT_TAGLM_WL_QA_HM_sports_videos_072009&cat=sports>
>