tomcat-users mailing list archives

From johannes.fi...@fwd.at
Subject Client Authentication using Tomcat
Date Mon, 21 Apr 2003 19:48:41 GMT
Hi there,

I just scanned the mailing list searching for some documentation about the 
internals of client authentication using Tomcat.
Does anybody know any document/HOWTO describing how to set client 
authentication up and how it works?

So far, I've created client certificates (P12-Files) using BouncyCastle 
and would now like to use them to perform client authentication using 
Tomcat. 

After reading some posts here, it seems one only has to set 
clientAuth=true in server.xml to have the server doing SSLv3 Client 
Authentication, but how does the server know which users are allowed to 
access a specific resource? Is there any standard way of performing such 
checks or do I have to check this manually comparing X509Certificate-DNs 
with a list of allowed DNs in my servlet? I found a method "isUserInRole" 
in HttpServletRequest, but it doesn't seem immediately linked to how to 
check user access with client certificates.

Any help is appreciated,
Johannes
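
The manual check the message asks about, comparing the client certificate's subject DN with a list of allowed DNs, as an added example that is not part of the original post or of Tomcat's own code. The class name `ClientDnAllowList` and the sample DNs are assumptions constructed for illustration; the comparison uses `X500Principal` objects instead of raw strings so that case and spacing differences in a DN do not change the result.

```java
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.security.auth.x500.X500Principal;

// Added example: authorize a TLS client by its certificate subject DN.
// The TLS handshake only proves the certificate chains to a trusted CA;
// deciding which subjects may access a resource is this separate step.
public class ClientDnAllowList {
    private final Set<X500Principal> allowed;

    // X500Principal.equals() and hashCode() use the canonical DN form, so the
    // allow-list entries need not match the certificate's formatting exactly.
    public ClientDnAllowList(String... dns) {
        allowed = Stream.of(dns).map(X500Principal::new).collect(Collectors.toSet());
    }

    public boolean isAllowed(X500Principal subject) {
        return subject != null && allowed.contains(subject);
    }

    // In a servlet, the chain is the request attribute
    // "javax.servlet.request.X509Certificate"; element 0 is the client's own
    // certificate. A null or empty chain means no certificate was presented.
    public boolean isAllowed(X509Certificate[] chain) {
        return chain != null && chain.length > 0
                && isAllowed(chain[0].getSubjectX500Principal());
    }

    public static void main(String[] args) {
        // Constructed sample DNs, not taken from the original message.
        ClientDnAllowList list = new ClientDnAllowList(
                "CN=Alice Example, OU=Staff, O=Example Corp, C=AT");
        // The listed DN written with different case and spacing.
        System.out.println(list.isAllowed(
                new X500Principal("cn=alice example,ou=staff,o=Example Corp,c=at")));
        // A different CN under the same organisation.
        System.out.println(list.isAllowed(
                new X500Principal("CN=Mallory, OU=Staff, O=Example Corp, C=AT")));
        // A request that carried no client certificate.
        System.out.println(list.isAllowed((X509Certificate[]) null));
    }
}
```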