[undertow-dev] Undertow: How to use client cert auth with roles
Dieter Bogdoll
dieter at bogdoll.net
Sun Dec 11 04:24:35 EST 2016
Stuart, thanks a lot!
That works for me. Super!
On Sun, Dec 11, 2016 at 1:47 AM Stuart Douglas <sdouglas at redhat.com> wrote:
> Here is an example of using servlet + client cert:
>
>
> https://github.com/undertow-io/undertow/commit/e8473ec35c420b782e072723d1e6338548def842
>
> Basically the IdentityManager implementation is responsible for
> retrieving the roles for a given user.
>
> Stuart
>
> On Sat, Dec 10, 2016 at 8:17 PM, Dieter Bogdoll <dieter at bogdoll.net>
> wrote:
> > Hello Mailinglist,
> >
> > I would like to use undertow for creating REST APIs.
> > I also would like to use HTTPS for communcation between client and
> server.
> > The user should authenticate itself with a client certificate. On the
> > server should be a component which takes the client certificate and
> > uses some other service (properties file, database, ...) to which roles
> > the user has (and therefor if and what parts of the REST API he can use).
> >
> > I think I know how to listen only to HTTPS, but I'm not sure how to
> extract
> > the relevant bits from the client certificate and how to set the
> > groups/roles.
> >
> > The solution should be compatible with the Servlet API. Is there some
> > example
> > code which I could look up, or some tutorial describing what I required?
> >
> > Best regards,
> > Dieter
> >
> > _______________________________________________
> > undertow-dev mailing list
> > undertow-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/undertow-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20161211/170f3d79/attachment.html
More information about the undertow-dev
mailing list