appserver/admingui/common/src/main/help/en/help/ref-editcertrealm.html - glassfish - Git at Google

 <!--

     Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.

     This program and the accompanying materials are made available under the
     terms of the Eclipse Public License v. 2.0, which is available at
     http://www.eclipse.org/legal/epl-2.0.

     This Source Code may also be made available under the following Secondary
     Licenses when the conditions for such availability set forth in the
     Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
     version 2 with the GNU Classpath Exception, which is available at
     https://www.gnu.org/software/classpath/license.html.

     SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0

 -->

 <p><a id="ref-editcertrealm" name="ref-editcertrealm"></a><a id="GHCOM00101" name="GHCOM00101"></a></p>

 <h4><a id="sthref202" name="sthref202"></a><a id="sthref203" name="sthref203"></a>Properties Specific to the <code>CertificateRealm</code> Class</h4>
 <a name="BEGIN" id="BEGIN"></a>
 <p>The <code>certificate</code> realm supports SSL authentication. This realm sets up the user identity in the GlassFish Server's security context, and populates it with user data obtained from cryptographically verified client certificates in the truststore and keystore files. Add users to these files using <code>keytool</code> or <code>certutil</code>. For more information, see <a href="http://www.oracle.com/pls/topic/lookup?ctx=dsc&amp;id=/app/docs/doc/821-1841#gijrp">Part&nbsp;VII, <i>Security,</i> in <i>The Java EE 6 Tutorial</i></a>.</p>
 <p>With the <code>certificate</code> realm, Java containers handle authorization processing based on each user's Distinguished Name (DN) from his or her certificate. The DN is the name of the entity whose public key the certificate identifies. This name uses the X.500 standard, so it is intended to be unique across the Internet. For more information on key stores and trust stores, refer to the keytool documentation (<code><a href="http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html">http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html</a></code>).</p>
 <p>The following optional property is available for the <code>certificate</code> realm.</p>
 <dl>
 <dt>Assign Groups</dt>
 <dd>
 <p>A comma-separated list of group names. All clients who present valid certificates are assigned to these groups, for example, <code>employee,manager</code>, where these are the names of user groups.</p>
 </dd>
 </dl>


 <small>Copyright &#169; 2005, 2017, Oracle and/or its affiliates. All rights reserved. <a href="docinfo.html">Legal Notices</a></small>
	<!--

	Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.

	This program and the accompanying materials are made available under the
	terms of the Eclipse Public License v. 2.0, which is available at
	http://www.eclipse.org/legal/epl-2.0.

	This Source Code may also be made available under the following Secondary
	Licenses when the conditions for such availability set forth in the
	Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
	version 2 with the GNU Classpath Exception, which is available at
	https://www.gnu.org/software/classpath/license.html.

	SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0

	-->

	<p><a id="ref-editcertrealm" name="ref-editcertrealm"></a><a id="GHCOM00101" name="GHCOM00101"></a></p>

	<h4><a id="sthref202" name="sthref202"></a><a id="sthref203" name="sthref203"></a>Properties Specific to the <code>CertificateRealm</code> Class</h4>
	<a name="BEGIN" id="BEGIN"></a>
	<p>The <code>certificate</code> realm supports SSL authentication. This realm sets up the user identity in the GlassFish Server's security context, and populates it with user data obtained from cryptographically verified client certificates in the truststore and keystore files. Add users to these files using <code>keytool</code> or <code>certutil</code>. For more information, see <a href="http://www.oracle.com/pls/topic/lookup?ctx=dsc&id=/app/docs/doc/821-1841#gijrp">Part VII, <i>Security,</i> in <i>The Java EE 6 Tutorial</i></a>.</p>
	<p>With the <code>certificate</code> realm, Java containers handle authorization processing based on each user's Distinguished Name (DN) from his or her certificate. The DN is the name of the entity whose public key the certificate identifies. This name uses the X.500 standard, so it is intended to be unique across the Internet. For more information on key stores and trust stores, refer to the keytool documentation (<code><a href="http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html">http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html</a></code>).</p>
	<p>The following optional property is available for the <code>certificate</code> realm.</p>
	<dl>
	<dt>Assign Groups</dt>
	<dd>
	<p>A comma-separated list of group names. All clients who present valid certificates are assigned to these groups, for example, <code>employee,manager</code>, where these are the names of user groups.</p>
	</dd>
	</dl>


	<small>Copyright © 2005, 2017, Oracle and/or its affiliates. All rights reserved. <a href="docinfo.html">Legal Notices</a></small>