tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Kellstrand" <>
Subject How can I authenticate client apps to a servlet
Date Thu, 13 Nov 2003 14:36:12 GMT

I have a client-server application where the server is a Java servlet running
in Tomcat and the clients are Java applications.  I now want to secure the data
transfer and authenticate the clients that connect to the server.

I have set up Tomcat for SSL and created a self-signed certificate.  
I then modified the client code to use an https connection.

The client can look at the certificate, but what would I have it check to
verify it is authentic?

My main question though, what would be the best way to have each client authenticate
itself to the servlet?  Should I hand out certificates of some sort to each client?
If so, how do you create, send, and verify them in Java code?
Or should I just use a user/password authentication and check it either
at Tomcat or the servlet?

Thanks a bunch,

Mike Kellstrand

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message