tomcat-users mailing list archives

From Tony Dahbura <tony.dahb...@eds.com>
Subject help with client certificates
Date Mon, 10 Feb 2003 22:34:15 GMT
I am trying to set up an application in Tomcat to have certain areas
protected by client certificates.  The entire application is running
under SSL, but I need to set specific areas of it to be under control
within the web.xml file.  The piece I cannot figure out is how to do
this without defining realms.  I basically need to let anyone in as long
as they have a certificate.  I need to require the certificate and will
do checking within the application based on that.  This is very similar
to how the server behaves when using the clientAuth attribute for the
SSL connector.  I have the following in my web.xml file:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

    <servlet>
        <servlet-name>formsnoop</servlet-name>
        <servlet-class>debugaids.formsnoop</servlet-class>
    </servlet>

    <servlet>
        <servlet-name>certsnoop</servlet-name>
        <servlet-class>debugaids.certsnoop</servlet-class>
    </servlet>

    <servlet>
        <servlet-name>mainHandler</servlet-name>
        <servlet-class>mainHandler</servlet-class>
        <load-on-startup>10</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>mainHandler</servlet-name>
        <url-pattern>/main</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>formsnoop</servlet-name>
        <url-pattern>/formsnoop</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>certsnoop</servlet-name>
        <url-pattern>/certsnoop</url-pattern>
    </servlet-mapping>

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>CertLDAP</web-resource-name>
            <url-pattern>/main</url-pattern>
            <url-pattern>/certsnoop</url-pattern>
        </web-resource-collection>
        <auth-constraint></auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>

</web-app>


I do not want to set the SSL connector to clientAuth as this will force
all my SSL requests to use certs.  Does anyone know how I can do this?

Thanks for any assistance,
Tony

--
Tony Dahbura



