Sun Java System Application Server Platform Edition 8.1 2005Q2 Update 2 Administration Guide

Editing the certificate Realm

The certificate realm supports SSL authentication. This realm sets up the user identity in the Application Server’s security context, and populates it with user data obtained from cryptographically verified client certificates in the truststore and keystore files (see About Certificate Files). Add users to these files using keytool. For more information, see The J2EE 1.4 Tutorial chapter titled Security at http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html.

With the certificate realm, J2EE containers handle authorization processing based on each user’s Distinguished Name (DN) from his or her certificate. The DN is the name of the entity whose public key the certificate identifies. This name uses the X.500 standard, so it is intended to be unique across the Internet. For more information on key stores and trust stores, refer to the keytool documentation at http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html.

The following table lists the optional properties for the certificate realm.

Table 9–5 Optional properties for certificate realm

| Property | Description |
|---|---|
| assign-groups | A comma-separated list of group names. All clients who present valid certificates are assigned to these groups. For example, employee,manager, where these are the names of user groups. |
| jaas-context | Type of login module to use for this realm. For the certificate realm, the value must be certificateRealm. |
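
The following configuration is an added example, not taken from the original guide. It shows how the two properties above and DN-based authorization fit together: a certificate realm entry in domain.xml and a role mapping in the application's sun-web.xml. The role names, the group-to-role pairing, and the DN are constructed for illustration, and the application is assumed to request CLIENT-CERT authentication in its web.xml.

```xml
<!-- Fragment 1: domain.xml, inside <security-service>. Constructed example. -->
<auth-realm name="certificate"
            classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm">
  <!-- Every client whose certificate validates against the truststore
       is placed in these groups, regardless of the DN in the certificate. -->
  <property name="assign-groups" value="employee,manager"/>
  <!-- Required value for the certificate realm. -->
  <property name="jaas-context" value="certificateRealm"/>
</auth-realm>

<!-- Fragment 2: sun-web.xml of the deployed application. Constructed example. -->
<sun-web-app>
  <!-- Broad role: reached through the realm-wide group assignment,
       so any client with a trusted certificate holds it. -->
  <security-role-mapping>
    <role-name>staff</role-name>
    <group-name>employee</group-name>
  </security-role-mapping>

  <!-- Narrow role: granted to a single certificate subject, matched by DN.
       The DN below is a hypothetical value. -->
  <security-role-mapping>
    <role-name>payroll-admin</role-name>
    <principal-name>CN=Jane Doe, OU=Payroll, O=Example Corp, C=US</principal-name>
  </security-role-mapping>
</sun-web-app>
```

Because assign-groups applies to every client that presents a valid certificate, the set of CA certificates in the truststore determines who receives those groups. Roles that must be limited to specific people are better mapped by principal-name (the DN) than by an assigned group.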

See Also: