tomcat-users mailing list archives

Subject Re: Client Authentication using Tomcat
Date Tue, 22 Apr 2003 20:26:08 GMT
Hi Mark,

I use Windows 2000 Professional and Linux in pre-production and AIX in 
I use Apache Tomcat 4.1.24 with JDK 1.4 on Win 2000 and Tomcat 4.1.12 and 
JDK 1.3 in pre-production/production, so this is quite mixed, but I hope 
it doesn't rely on OS or JDK dependencies. 

1.) Can you please send some links to installation instructions how to set 
this up and maybe some hints?
It seems there is not yet an official source of information available. I 
only got the clientAuth=true from somewhere in this forum.

2.) It seems I only have to set clientAuth=true in server.xml, and add the 
users to tomcat-users.xml.
But this seems to be quite tedious, because I have to stop/start tomcat 
for adding just one user?
Or is it possible to use an asterisk to allow all certificates from a 
certain type?

Do you know more about this?

thx a lot

"Mark W. Webb"
21.04.2003 21:55
Please respond to "Tomcat Users List"
To: Tomcat Users List
Subject: Re: Client Authentication using Tomcat

I have gotten it all working.  I have used openssl to create all of my 
I compiled openssl, apache, and mod_jk from source to get it all working.

What version of apache?
Are you using win/unix?

wrote:

>Hi there,
>I just scanned the mailinglist searching for some documentation about the 
>internals of client authentication using Tomcat.
>Does anybody know any document/HOWTO describing how to set client 
>authentication up and how it works?
>So far, I've created client certificates (P12-Files) using BouncyCastle 
>and would now like to use them to perform client authentication using 
>After reading some posts here, it seems one only has to set 
>clientAuth=true in server.xml to have the server doing SSLv3 Client 
>Authentication, but how does the server know which users are allowed to 
>access a specific resource? Is there any standard way of performing such 
>checks or do I have to check this manually comparing X509Certificate-DNs 
>with a list of allowed DNs in my servlet? I found a method "isUserInRole" 
>in HttpServletRequest, but it doesn't seem immediately linked to how to 
>check useraccess with client certificates.
>Any help is appreciated,

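The manual check asked about in the quoted message (comparing the client certificate's DN with a list of allowed DNs) could look like the sketch below. It is an added example, not code from the thread or from Tomcat; the class name `ClientCertAllowList` and the sample DNs are constructed for illustration. It assumes the TLS handshake with clientAuth=true has already validated the certificate chain, so the DN comparison only decides authorization.

```java
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/** Added example (hypothetical class): authorize a TLS client by certificate subject DN. */
public class ClientCertAllowList {
    private final Set<X500Principal> allowed = new HashSet<>();

    public ClientCertAllowList(String... dns) {
        for (String dn : dns) {
            // Throws IllegalArgumentException on a malformed DN, so a typo in
            // the allow list fails at startup instead of silently never matching.
            allowed.add(new X500Principal(dn));
        }
    }

    /**
     * chain is the value of the servlet request attribute
     * "javax.servlet.request.X509Certificate". It is null when the client
     * presented no certificate; element 0 is the client's own certificate.
     */
    public boolean isAllowed(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            return false; // no certificate: deny by default
        }
        return isAllowed(chain[0].getSubjectX500Principal());
    }

    /** X500Principal.equals compares canonical DN forms, not raw strings. */
    public boolean isAllowed(X500Principal subject) {
        return subject != null && allowed.contains(subject);
    }

    public static void main(String[] args) {
        // Constructed DNs for illustration only.
        ClientCertAllowList acl =
            new ClientCertAllowList("CN=Alice Example, OU=Ops, O=Example Corp, C=DE");
        // Same DN with different case and spacing: matched canonically.
        System.out.println(acl.isAllowed(
            new X500Principal("cn=alice example,ou=ops,o=example corp,c=de")));
        // Different OU: a different subject, so it is rejected.
        System.out.println(acl.isAllowed(
            new X500Principal("CN=Alice Example, OU=Dev, O=Example Corp, C=DE")));
        // No client certificate on the request.
        System.out.println(acl.isAllowed((X509Certificate[]) null));
    }
}
```

Comparing `X500Principal` objects rather than DN strings avoids false mismatches caused by case, spacing or attribute formatting differences between the certificate and the allow list.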