geronimo-user mailing list archives

From Jochen Zink <jochen.z...@nepatec.de>
Subject Authentication/Authorisation with client certificates
Date Wed, 07 Feb 2007 14:47:24 GMT
Hello,

First: I'm using Geronimo 1.1.1 with Tomcat.

I tried to secure a web application so that only clients with trusted
certificates are able to connect.

So I have defined a new HTTPS listener with a keystore that contains
the server certificate and private key, and a truststore with a trusted
certificate.

It is working pretty well. Only clients with the correct certificate can
connect.

Now I want to find out which certificate the current client has
connected with. With this information I want to authenticate the user.

A call of request.getUserPrincipal() or request.getRemoteUser() returns
null.

So I tried to configure a certificate security realm.

The realm seems to work. It is not possible to connect to the
application if I try to connect (over my own SSL listener) with an
untrusted certificate. But if I try to connect with a trusted certificate,
I get the exception you can see at the end of my post.

I don't know if I have to declare both things, an HTTPS listener with
client auth enabled and a certificate security realm. They seem to be
different things to me.

So, can anybody help me, or does anybody know a solution with which the
problem can be solved?

Thanks to everyone who has read my post.



14:12:52,546 WARN  [TomcatGeronimoRealm] Login exception authenticating username "CN=Jochen Zink,OU=Privat,O=ganz Privat,L=Hannover,ST=Niedersachsen,C=DE"
javax.security.auth.login.LoginException: Error filling callback list
    at org.apache.geronimo.security.jaas.client.ServerLoginProxy.login(ServerLoginProxy.java:78)
    at org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.performLogin(JaasLoginCoordinator.java:199)
    at org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.login(JaasLoginCoordinator.java:120)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:320)
    at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:279)
    at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:148)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
    at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:342)
    at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:31)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)
Caused by: javax.security.auth.callback.UnsupportedCallbackException
    at org.apache.geronimo.security.realm.providers.CertificateChainCallbackHandler.handle(CertificateChainCallbackHandler.java:49)
    at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:955)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:951)
    at org.apache.geronimo.security.jaas.client.ServerLoginProxy.login(ServerLoginProxy.java:70)
    ... 29 more
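As an added example that is not part of the original post: a servlet that reads the certificate chain the container stores in the standard Servlet request attribute once client auth is enabled on the HTTPS listener, which works even while getUserPrincipal() returns null because it does not go through the security realm. The servlet name and the error messages are assumptions.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example, not the poster's code: reads the client certificate
// chain the container exposes through the standard Servlet request
// attribute when the HTTPS listener has client auth enabled.
public class ClientCertServlet extends HttpServlet {

    // Attribute name defined by the Servlet specification.
    private static final String CERT_ATTR =
        "javax.servlet.request.X509Certificate";

    // Subject DN of the end-entity cert (chain[0]), or null if no chain.
    static String subjectDn(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            return null;
        }
        return chain[0].getSubjectX500Principal().getName();
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        X509Certificate[] chain =
            (X509Certificate[]) req.getAttribute(CERT_ATTR);
        String dn = subjectDn(chain);
        if (dn == null) {
            // Request did not arrive over the client-auth listener.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate required");
            return;
        }
        try {
            // Trust was checked in the TLS handshake; re-check the
            // validity period at request time.
            chain[0].checkValidity();
        } catch (CertificateException e) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "certificate not valid: " + e.getMessage());
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("Client DN: " + dn);
        resp.getWriter().println("Principal: " + req.getUserPrincipal());
    }
}
```

The attribute is only populated for requests that came in over the listener with client authentication enabled; mapping the DN to application roles still needs the realm.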

