[undertow-dev] certs
Bill Burke
bburke at redhat.com
Thu Jun 27 11:14:10 EDT 2013
You can just pass in a dummy trust manager.
On 6/27/2013 11:04 AM, Darran Lofthouse wrote:
> I will have another look, last time I looked into this however there did
> seem to be a need for list of accepted issuers of certificates to be
> returned from the X509TrustManager in use: -
>
> X509Certificate[] getAcceptedIssuers()
>
> Regards,
> Darran Lofthouse.
>
>
> On 27/06/13 14:10, Bill Burke wrote:
>> Its an IDM SaaS, so different realms will have different security
>> models. It should be possible from a NIO perspective, no? Last time I
>> looked at that stuff it did seem possible.
>>
>> On 6/27/2013 5:47 AM, Darran Lofthouse wrote:
>>> I will check for you but from last time I worked on this I am not sure
>>> if that is possible - I think a valid trust store was still required
>>> server side to verify the remote certificate - even if it was just a
>>> trust store containing certificate authority certificates.
>>>
>>> Do your clients definitely not have a least a common certificate
>>> authority signing their certificates?
>>>
>>> Regards,
>>> Darran Lofthouse.
>>>
>>>
>>> On 26/06/13 23:57, Bill Burke wrote:
>>>> Sorry, I want to be able to validate the client cert within the
>>>> application servlet.
>>>>
>>>> On 6/26/2013 6:56 PM, Bill Burke wrote:
>>>>> I think you misunderstood me. Not looking for client-cert auth. I want
>>>>> to be able to validate the client server within the application servlet.
>>>>>
>>>>> On 6/26/2013 6:50 PM, Tomaz Cerar wrote:
>>>>>> It can do it already but config is going to change in future.
>>>>>>
>>>>>> Take a look at WebCERTTestsSecurityDomainSetup in testsuite on how to do it.
>>>>>>
>>>>>> Basicly you have to setup securityRealm with server ssl cert, then setup
>>>>>> securtiy constraints for web app
>>>>>>
>>>>>> That test we have in testsuite also tests mapping client certs to users via
>>>>>> CertificateRoles security module.
>>>>>>
>>>>>> --
>>>>>> tomaz
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: undertow-dev-bounces at lists.jboss.org [mailto:undertow-dev-
>>>>>>> bounces at lists.jboss.org] On Behalf Of Bill Burke
>>>>>>> Sent: Thursday, June 27, 2013 12:11 AM
>>>>>>> To: undertow-dev at lists.jboss.org
>>>>>>> Subject: [undertow-dev] certs
>>>>>>>
>>>>>>> I need to be able to client certs in the following manner:
>>>>>>>
>>>>>>> * Set the server to WANT client certs so that it is optional
>>>>>>> * Obtain certificate at the servlet layer so I can validate it myself.
>>>>>>>
>>>>>>> Can Undertow do these yet? Just want to know so I can create the
>>>>>>> appropriate jiras.
>>>>>>>
>>>>>>> --
>>>>>>> Bill Burke
>>>>>>> JBoss, a division of Red Hat
>>>>>>> http://bill.burkecentral.com
>>>>>>> _______________________________________________
>>>>>>> undertow-dev mailing list
>>>>>>> undertow-dev at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>>>>
>>>>>
>>>>
>>> _______________________________________________
>>> undertow-dev mailing list
>>> undertow-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>
>>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the undertow-dev
mailing list