tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: 3.3.1 Standalone and Client-Auth
Date Wed, 12 Feb 2003 06:42:33 GMT

"Alex Tang" <> wrote in message
> Hi folks.
> I was wondering if it's possible to get client certificate information
> from tomcat (3.3.1) when running STANDALONE (e.g. NOT using mod_jk or an
> external webserver).
> I can setup tomcat so that it requires client-auth properly, however I
> don't seem to be able to programmatically get at any of the certificate
> information.

This sounds like you've found the clientauth="true" attribute on the
Http10Connector element.  This causes Tomcat to requre a client cert for
each SSL request (unlike TC 4.x, it's an all-or-nothing setting).

You should then be able to access the top-level cert (all that can be
exposed under the 2.2 Servlet-spec :() via
'request.getAttribute("javax.servlet.request.X509Certificate")'.  As per
section 5.7 of the 2.2 spec, this will be of type

I haven't tried this with the Http10Connector for a very long time (it seems
to work fine with the 3.3.2-dev CoyoteConnector).  If you are still having
problems, please report it to

> Also, yes, i know that this is possible (and i have done it) using apache
> and mod_jk, however due to various reasons, i can not run ANY web server
> (groan...) on the machine, so i need to be able to do this standalone.
> Thanks.
> ...alex...

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message