Tomcat4 – client authentication findings
- MemoryRealm works fine.
- UserDatabase doesn’t work. The code is fine, but apparently while parsing server.xml and creating the UserDatabase declared there, the server creates some kind of property file (MBeans), which of course cannot be created for a property that contains the sign ‘=’. Therefore it fails.
- Other realms could possibly work, but they don’t implement the authenticate(cert[]) method, which is the one called to verify the certificates. It’s a bit of a shame and I really don’t see why it could not work. Some more detail on how it works:
  -> SSLAuthenticator looks at the certificates and calls Realm.authenticate(certs[]).
  -> RealmBase.authenticate(certs[]) validates all certificates and calls getPrincipal(cert[0]) to get the Principal, which is then used (if not null) to get all roles. That’s it.
For JDBC no such method exists, nor for LDAP. But this bug is as old as the world and it doesn’t seem that the developers want to do anything about it here. Anyway – that’s it.
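As an added example (not code from the note or from Tomcat itself): a minimal Tomcat 4 realm that follows the SSLAuthenticator -> RealmBase.authenticate(certs[]) -> getPrincipal() path above and resolves the client certificate's subject DN to a Principal from an in-memory table. The package, class name, DNs and roles are constructed for illustration; it assumes Tomcat 4's RealmBase/GenericPrincipal API (Java 1.4 style, no generics) and a Connector configured with clientAuth="true".

```java
package example; // hypothetical package, not part of Tomcat

import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

// Declared in server.xml as <Realm className="example.CertDnRealm"/>.
// Tomcat 4 RealmBase leaves getName(), getPassword() and getPrincipal()
// abstract; authenticate(X509Certificate[]) is inherited and, after each
// certificate passes checkValidity(), calls getPrincipal() with
// certs[0].getSubjectDN().getName().
public class CertDnRealm extends RealmBase {

    // Constructed sample table: subject DN -> roles. DNs contain '=' by
    // nature, which is exactly the character the note says the UserDatabase
    // MBean property handling trips over.
    private static final Map USERS = new HashMap();
    static {
        USERS.put("CN=alice,OU=dev,O=Example",
                  Arrays.asList(new String[] { "manager", "user" }));
        USERS.put("CN=bob,OU=ops,O=Example",
                  Arrays.asList(new String[] { "user" }));
    }

    protected String getName() {
        return "CertDnRealm";
    }

    // Never consulted on the certificate path. Returning null means there is
    // no password for a DN, so a BASIC/FORM login with a DN as user name is
    // refused rather than silently accepted.
    protected String getPassword(String username) {
        return null;
    }

    // RealmBase.authenticate(certs[]) only checks validity dates; whether the
    // chain is trusted was already decided by the SSL connector's truststore.
    // This method only decides whether the DN is a known user and which roles
    // it carries; an unknown DN yields null and the request is denied.
    protected Principal getPrincipal(String dn) {
        List roles = (List) USERS.get(dn);
        if (roles == null) {
            return null;
        }
        return new GenericPrincipal(this, dn, null, roles);
    }
}
```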