tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: 3.3.1 Standalone and Client-Auth
Date Wed, 12 Feb 2003 06:42:33 GMT

"Alex Tang" <altitudespam@funkware.com> wrote in message
news:20030211212626.GD27246@funkware.com...
> Hi folks.
>
> I was wondering if it's possible to get client certificate information
> from tomcat (3.3.1) when running STANDALONE (e.g. NOT using mod_jk or an
> external webserver).
>
> I can setup tomcat so that it requires client-auth properly, however I
> don't seem to be able to programmatically get at any of the certificate
> information.
>

This sounds like you've found the clientauth="true" attribute on the
Http10Connector element.  This causes Tomcat to requre a client cert for
each SSL request (unlike TC 4.x, it's an all-or-nothing setting).

You should then be able to access the top-level cert (all that can be
exposed under the 2.2 Servlet-spec :() via
'request.getAttribute("javax.servlet.request.X509Certificate")'.  As per
section 5.7 of the 2.2 spec, this will be of type
java.security.cert.X509Certificate.

I haven't tried this with the Http10Connector for a very long time (it seems
to work fine with the 3.3.2-dev CoyoteConnector).  If you are still having
problems, please report it to http://nagoya.apache.org/bugzilla/.

> Also, yes, i know that this is possible (and i have done it) using apache
> and mod_jk, however due to various reasons, i can not run ANY web server
> (groan...) on the machine, so i need to be able to do this standalone.
>
> Thanks.
>
> ...alex...




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message