tomcat-dev mailing list archives

From Christophe Warland <cwa_mail...@mail.com>
Subject Re: mod_jk, SSL and client certs
Date Fri, 28 Jul 2000 18:13:25 GMT

Hi Markus,

I am happy my DLL worked for you. I copy the newsgroup on this reply because
it might be helpful for someone else out there.

I have been able to access the client certificate in Tomcat through the
following settings (non-exhaustive list):

- in tomcat/conf/server.xml, add the following:
        <!-- Apache AJP13 support.  -->
        <Connector className="org.apache.tomcat.service.PoolTcpConnector">
            <Parameter name="handler"
       value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
            <Parameter name="port" value="8009"/>
        </Connector>

        <!-- add your webapp -->
        <Context path="/tintagel" docBase="c:/www/docs/cwarland.com/tintagel"
debug="0" reloadable="true" >
        </Context>

- in tomcat/conf/worker.properties:
      worker.list=ajp12, ajp13
      worker.ajp13.port=8009
      worker.ajp13.host=localhost
      worker.ajp13.type=ajp13

- in apache/conf/httpd.conf:
LoadModule jk_module modules/mod_jk.dll
<IfModule mod_jk.c>
  JkWorkersFile c:/www/conf/workers.properties
  JkLogFile  logs/jk.log
  JkLogLevel warn
  JkMount /*.jsp ajp13
  Alias /tintagel C:\www\docs\cwarland.com\tintagel
  <Location /tintagel/WEB-INF/ >
        AllowOverride None
        deny from all
  </Location>
  JkMount /tintagel/cert ajp13
</IfModule>

- in C:\www\docs\cwarland.com\tintagel\WEB-INF\server.xml:
    <servlet>
        <servlet-name>
            cert
        </servlet-name>
        <servlet-class>
            com.s1.exc.test.https.CertServlet
        </servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>
            cert
        </servlet-name>
        <url-pattern>
            /cert
        </url-pattern>
    </servlet-mapping>

- in com.s1.exc.test.https.CertServlet:
    Object o = request.getAttribute("javax.servlet.request.X509Certificate");

Depending on the Servlet engine, this object "o" might be a String
(Tomcat3.2-dev), an X509Certificate (Netscape ES) or something else. I don't
know what the current Tomcat3.2b2 returns because my code implicitly tests
for the class name of "o" and does the appropriate transformation into an
X509Certificate object without outputting any debug info.

Good luck, and tell us how things are working for you!

Cheers,

Christophe


Markus.Breilmann@tamgroup.com wrote:

> Hi Christophe,
>
> that did it! Thanks for your help!
>
> Have you used SSL with mod_jk? The client certificate doesn't seem to get
> passed through to Tomcat...
>
> Markus
>
> Markus Breilmann                        markus.breilmann@tamgroup.com
> Director of Technology                           tel: +1.415.455.5770
> The Tamalpais Group, Inc.                        fax: +1.415.455.5771
> 11 Belle Avenue                                 web: www.tamgroup.com
> CA 94960 San Anselmo, USA
> PGP Fingerprint:             96E7 8096 E893 F6FD  A60B 97F3 7F5D 941D
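
The type test on the request attribute that the reply describes, as an added example (not Christophe's code and not part of Tomcat). The class and method names are hypothetical, the String case is assumed to be PEM text, and any type the code does not recognise is rejected rather than passed on.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

public class ClientCertAttribute {
    // Attribute name used in the message above.
    static final String ATTR = "javax.servlet.request.X509Certificate";

    /** Returns the client certificate, or null when the attribute was absent. */
    static X509Certificate toX509(Object o) throws CertificateException {
        if (o == null) {
            return null;                       // no client certificate was passed on
        }
        if (o instanceof X509Certificate) {
            return (X509Certificate) o;
        }
        if (o instanceof X509Certificate[]) {  // some engines hand over the whole chain
            X509Certificate[] chain = (X509Certificate[]) o;
            if (chain.length == 0) throw new CertificateException("empty chain");
            return chain[0];                   // first entry is the client's own cert
        }
        if (o instanceof String) {
            // Assumption: PEM text whose line breaks may not have survived the hop,
            // so strip the armour and all whitespace and decode the DER directly.
            String b64 = ((String) o)
                .replace("-----BEGIN CERTIFICATE-----", "")
                .replace("-----END CERTIFICATE-----", "")
                .replaceAll("\\s", "");
            byte[] der;
            try {
                der = Base64.getDecoder().decode(b64);
            } catch (IllegalArgumentException e) {
                throw new CertificateException("attribute is not Base64 PEM", e);
            }
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
        }
        // Fail closed: never treat an unknown object as an authenticated identity.
        throw new CertificateException("unexpected type " + o.getClass().getName());
    }

    public static void main(String[] args) throws Exception {
        System.out.println(toX509(null));
        for (Object bad : new Object[] {"not a certificate!", Integer.valueOf(1)}) {
            try { toX509(bad); } catch (CertificateException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

In a servlet the call would be toX509(request.getAttribute(ClientCertAttribute.ATTR)).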

