tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 41337] New: - Display an error page if no cert is available on CLIENT-CERT login
Date Wed, 10 Jan 2007 08:36:44 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41337>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41337

           Summary: Display an error page if no cert is available on CLIENT-
                    CERT login
           Product: Tomcat 5
           Version: 5.0.20
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connector:HTTP
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: arminha@student.ethz.ch


If a client does not have a client certificate or doesn't select a client
certificate to be used for authentication, Tomcat does not display an error
page. It just does nothing (that the client would see).

Steps to reproduce:
1. configure an ssl connector and set clientAuth="false"
2. create a security-constaint in the web.xml of the webapp
3. set the login-config in the web.xml to this:
  <login-config>
  <auth-method>CLIENT-CERT</auth-method>
  </login-config>
4. try to access the page without a client certificate

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message