On 10-Aug-2011, at 9:28 AM, Kumar Jayanti wrote:
>
> On 10-Aug-2011, at 12:12 AM, forums_at_java.net wrote:
>
>> The end user will have to be authenticated via a smart card (CAC) before
>> they can access anything on the server. I believe the CAC has their PKI cert.
>
> Are you looking for PKCS11 support? It should be possible to use PKCS11 with Glassfish, though I have not tried it on my own.
>
> See : http://weblogs.java.net/blog/kumarjayanti/archive/2009/08/26/configuring-non-jks-keystore-glassfish-v3
I think you are looking for adding end-user authentication via smartcards. So the following link may help.
http://download.oracle.com/javase/6/docs/technotes/guides/security/p11guide.html
-------------
For an application that wants to accommodate PKCS#11 tokens more dynamically, such as Smartcards being inserted and removed, you can use the new KeyStore.Builder class. Here is an example of how to initialize the builder for a PKCS#11 keystore with a callback handler.
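// KeyStore.Builder is abstract, so the builder comes from newInstance()
KeyStore.CallbackHandlerProtection chp =
    new KeyStore.CallbackHandlerProtection(new MyGuiCallbackHandler());
KeyStore.Builder builder = KeyStore.Builder.newInstance("PKCS11", null, chp);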
For the Sun PKCS#11 provider, the callback handler must be able to satisfy a PasswordCallback, which is used to prompt the user for the PIN. Whenever the application needs access to the keystore, it uses the builder as follows.
KeyStore ks = builder.getKeyStore();
Key key = ks.getKey(alias, null);
----------------
So you could write a JSR-196 SAM where you challenge the user and collect the PIN over secure transport and then use the above APIs to authenticate the smartcard user.
http://blogs.oracle.com/enterprisetechtips/entry/adding_authentication_mechanisms_to_the
>
>>
>>
>> --
>>
>> [Message sent by forum member 'dhagarty']
>>
>> View Post: http://forums.java.net/node/831166
>>
>>
>
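
An added example, not part of the original message or of the Oracle guide: a callback handler that satisfies the provider's PasswordCallback with a PIN collected elsewhere, wired into a PKCS#11 KeyStore.Builder. The class names, the sample PIN and the one-shot policy are assumptions; since a builder may call the handler again after a failed login, the handler hands out the PIN once and then refuses, so a mistyped PIN does not cost further attempts on a card that locks.

```java
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import java.util.Collections;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class SmartcardKeyStoreExample {
    // Hypothetical handler: gives the PIN to the provider once, then refuses.
    static final class OneShotPinHandler implements CallbackHandler {
        private char[] pin;
        OneShotPinHandler(char[] pin) { this.pin = pin.clone(); }
        @Override
        public synchronized void handle(Callback[] callbacks)
                throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof PasswordCallback)) {
                    throw new UnsupportedCallbackException(cb, "only a PIN prompt is supported");
                }
                if (pin == null) throw new IOException("PIN already presented, not retrying");
                ((PasswordCallback) cb).setPassword(pin); // setPassword stores its own copy
                clear();
            }
        }
        synchronized void clear() { if (pin != null) { Arrays.fill(pin, '\0'); pin = null; } }
    }

    public static void main(String[] args) throws Exception {
        char[] pin = "000000".toCharArray(); // constructed sample PIN
        OneShotPinHandler handler = new OneShotPinHandler(pin);
        Arrays.fill(pin, '\0'); // the caller's copy is no longer needed
        KeyStore.Builder builder = KeyStore.Builder.newInstance(
                "PKCS11", null, new KeyStore.CallbackHandlerProtection(handler));
        try {
            KeyStore ks = builder.getKeyStore(); // the provider asks the handler for the PIN here
            for (String alias : Collections.list(ks.aliases())) {
                Key key = ks.getKey(alias, null); // null password, as in the guide's snippet
                System.out.println(alias + ": " + (key == null ? "no key entry" : key.getAlgorithm()));
            }
        } catch (KeyStoreException e) {
            System.err.println("PKCS#11 keystore unavailable: " + e); // no provider or token, or login failed
        } finally {
            handler.clear();
        }
    }
}
```

Without a configured PKCS#11 provider the program reports that the keystore is unavailable and exits; in a SAM the PIN would come from the request rather than a literal.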