tomcat-users mailing list archives

From "Ivo Matheis" <ivo.math...@web.de>
Subject Client Authentication in combination with a realm
Date Fri, 01 Aug 2003 10:56:06 GMT
Hi,

I'm using Tomcat 4.0.6 and configured it for client authentication. This works fine.
Then I tried to add a realm to a certain webapp in order to control access. As I have read
in several sources, either the client certificate's Common Name or the complete Distinguished
Name is used to identify the user (i.e. CN or DN must be identical to the username in Tomcat's
users.xml file in order to identify the user).
I tried both the CN and the DN string as username in users.xml, but when accessing the secured
webapp I get a 401 - Cannot authenticate with the provided credentials...
What is wrong? Does that kind of authentication not work with users.xml?

Thanks, Ivo

PS: this is a snippet of my secured webapp's web.xml:
<security-constraint>
   <web-resource-collection>
      <web-resource-name>foo client auth</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
   </web-resource-collection>
   <auth-constraint>
      <role-name>foo</role-name>
   </auth-constraint>
   <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>
<login-config>
   <auth-method>CLIENT-CERT</auth-method>
   <realm-name>foobar</realm-name>
</login-config>
<security-role>
   <role-name>foo</role-name> 
</security-role>

<!-- my client certificate's CN is "Ivo Matheis" -->
<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="Ivo Matheis" password="null" roles="foo" />
</tomcat-users>



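A small consistency check for the setup described in the message, added here as an example (it is not part of the original post and not Tomcat code). It assumes, as the post does, that the realm looks the user up by the certificate's CN or by its full subject DN, and reports which `<user>` entries would match and whether a DN entry matches only after whitespace and case normalization. The subject DN, the third `<user>` entry and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the users file from the post plus a hypothetical full-DN entry.
USERS_XML = """<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="Ivo Matheis" password="null" roles="foo" />
  <user name="CN=Ivo Matheis,O=Example,C=DE" password="null" roles="foo" />
</tomcat-users>"""

# Constructed subject DN (the post only gives the CN), written with ", " separators.
SUBJECT_DN = "CN=Ivo Matheis, O=Example, C=DE"

def pairs(dn):
    """Split a DN on unescaped commas into (TYPE, value) pairs."""
    rdns = [p for p in re.split(r'(?<!\\),', dn) if p.strip()]
    return [(t.strip().upper(), v.strip())
            for t, _, v in (p.partition("=") for p in rdns)]

def normalize(dn):
    """Comparison form: upper-case attribute types, no spaces around separators."""
    return ",".join(f"{t}={v}" for t, v in pairs(dn))

def common_name(dn):
    """Value of the first CN attribute, or None if the DN has none."""
    return next((v for t, v in pairs(dn) if t == "CN"), None)

def match_users(users_xml, subject_dn):
    """Return (username, roles, kind) for every <user> that names this certificate.

    kind is 'dn-exact', 'dn-after-normalizing' (differs only in spacing or
    attribute-type case) or 'cn'.
    """
    hits = []
    for user in ET.fromstring(users_xml).iter("user"):
        name = user.get("name", "")
        roles = [r.strip() for r in user.get("roles", "").split(",") if r.strip()]
        if name == subject_dn:
            kind = "dn-exact"
        elif "=" in name and normalize(name) == normalize(subject_dn):
            kind = "dn-after-normalizing"
        elif name == common_name(subject_dn):
            kind = "cn"
        else:
            continue
        hits.append((name, roles, kind))
    return hits
```

An entry reported as `dn-after-normalizing` is not string-identical to the subject DN, so a lookup that compares the two strings exactly would not find it.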