Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5909

TLS Authenticated Handshake and Authentication/Authorization with JAAS by TLS Certificate

    XMLWordPrintableJSON

    Details

    • Estimated Complexity:
      Unknown

      Description

      Hi All!

      I haven't found such functionality in CXF, so I have created one.
      So if there is anybody who see a value of doing JAAS authentication with TLS Authenticated handshake certificate, then I can prepare patches to 3.x branch and 2.x branch.
      I already got this working, but more work need to be done (like unit tests) before submitting a patch to Apache Community. So just want to be sure that my work will not be wasted.
      Once when I will receive a patch share request, I will prepare it and submit to JIRA.

      Some description of Authentication/Authorization functionality
      Well when CXF is used with Mutual Authentication, client key is verified by servlet container in background. So this layer is responsible for doing some authentication. Then certificate seems to be wasted and client have to use UserToken to authenticate again and let the authorization be done in future.

      So the idea is to take some information from message like:

      TLSSessionInfo tlsSessionInfo = message.get(TLSSessionInfo.class);
      

      Extract for example a mail from certificate, then use JAAS to do authentication and take roles assigned to this email to let the Authorization be done in future.
      All done with InInterceptor just like with JAASLoginInInterceptor.
      So it is quite simple.

      Waiting for feedback.
      Once received a confirmation, will prepare patches with junit tests.

      Greetings
      Piotr Klimczak

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                nannou9 Piotr Klimczak
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 16h
                  16h
                  Remaining:
                  Remaining Estimate - 16h
                  16h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified