tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chaitresh" <chaitr...@hotmail.com>
Subject <login-config> <auth-method> CLIENT-CERT - How do I make it work????
Date Fri, 28 Dec 2001 23:41:08 GMT
Hi all,

Heres what I'm using:

OS: Win 2000
Tomcat version: 4
Client Browser: IE 5+


I am trying to protect a jsp/servlet resource in my website. I want to give access to the
resource if the right certificate is provided by the user. Making a ssl connection with client
authentication is not a problem. This is the part of my server.xml that allows ssl with client
authentication:

---- snip begin [server.xml] -----

<Connector className="org.apache.catalina.connector.http.HttpConnector" port="8443" minProcessors="5"
maxProcessors="75" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="true"
 protocol="TLS"/>
</Connector>
    
---- snip end [server.xml] -----


So whenever I go to my webserver (https://localhost:8443") IE pops up a list of certificates
that I can send back to the server. I select one of the many certificates that my website
has given me and send it back to the server.


_Heres my problem_:

At the server I want to check the Common Name in the certificate sent by the client. I figured
that I will be able to do so by getting the Principal via "request.getUserPrincipal()" and
digging into it. But it returns null. Then I realized that I must make some additions/changes
in the tomcat-users.xml and web.xml. But I am not really clear as to what these additions/changes
are and I have not found any good resource on the web explaining the same. Heres how parts
of my xml files look like:


---- snip begin [web.xml] -----

<security-constraint>
 <web-resource-collection>
 <web-resource-name>Entire Application</web-resource-name>
  <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
  <role-name>tomcat</role-name>
 </auth-constraint>
</security-constraint>

<!-- Define the Login Configuration for this Application -->
<login-config>
 <auth-method>CLIENT-CERT</auth-method>
 <realm-name>Tomcat Manager Application</realm-name>
</login-config>

---- snip end [web.xml] -----

 

---- snip begin [tomcat-users.xml] -----

<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1"  password="tomcat" roles="role1"  />
  <user name="both"   password="tomcat" roles="tomcat,role1" />

  <!-- Common name in the clients certificate is 3763 -->
  <user name="3763"   password="tomcat" roles="tomcat"  />

</tomcat-users>

---- snip end [tomcat-users.xml] -----


The Common Name in the certificate is 3763 (the certificate I want to grant access to). However
I have know idea where the password comes into picture.

I am sure things are incorrect or missing, I'd really appreciate if anyone can help me.

Thanks
-Chaitresh


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message