Comments on: Reversed DN in WebLogic 8.1.4 http://monduke.com/2006/03/01/reversed-dn-in-weblogic-814/ Covering J2EE Security and WebLogic Topics Tue, 13 Apr 2010 01:53:49 -0600 http://wordpress.org/?v=2.9.2 hourly 1 By: Mike Fleming http://monduke.com/2006/03/01/reversed-dn-in-weblogic-814/comment-page-1/#comment-12 Mike Fleming Fri, 03 Mar 2006 01:45:54 +0000 http://monduke.com/?p=25#comment-12 Steve, Thanks for commenting and for the tip. It would be nice if they presented the DN in the order in which you'd find the entry in LDAP--most general to most specific. Alphabetical order, LOL. That's a good one. At least Certicom didn't do THAT! Mike Steve,

Thanks for commenting and for the tip.

It would be nice if they presented the DN in the order in which you’d find the entry in LDAP–most general to most specific.

Alphabetical order, LOL. That’s a good one. At least Certicom didn’t do THAT!

Mike

]]> By: Steve Nakhla http://monduke.com/2006/03/01/reversed-dn-in-weblogic-814/comment-page-1/#comment-11 Steve Nakhla Thu, 02 Mar 2006 16:05:37 +0000 http://monduke.com/?p=25#comment-11 I know where I've seen <i>THAT</i> problem before. If all you need the DN for is comparing certs for authorization, etc., then it's a whole lot easier to use getSubjectX500Principal().equals() for your comparison. BEA isn't the only implementation that does this, though. I've seen a couple other JCE implementations that print out the X.500 attributes in weird orders. I've even seen one that just puts them in alphabetical order (C=US, CN=Joe Schmoe, O=blah blah, OU=Bubba, UID=whatever). Doesn't make much sense to me, but whatever. I know where I’ve seen THAT problem before. If all you need the DN for is comparing certs for authorization, etc., then it’s a whole lot easier to use getSubjectX500Principal().equals() for your comparison. BEA isn’t the only implementation that does this, though. I’ve seen a couple other JCE implementations that print out the X.500 attributes in weird orders. I’ve even seen one that just puts them in alphabetical order (C=US, CN=Joe Schmoe, O=blah blah, OU=Bubba, UID=whatever). Doesn’t make much sense to me, but whatever.

]]>