tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: Difficulty with SSL authentication without client certificate
Date Thu, 27 Nov 2003 07:20:33 GMT
For what you want, I'd probably go with a Filter that stores the Principal
under a "well-known-name" for use by the Servlet.  For Container level
security, it is clearly an error if the client won't provide a client-cert.

Note:  I consider that the fact that you are getting any response at all to
be a bug (which I plan to look into;).  If the client doesn't provide a
cert, then the connection should be rudely terminated.

"Lira, Alesio" <> wrote in message
Hello there.

I've tried to configure a security realm for pages; that if a user
certificate is present it will be used, but if it doesn't exist the
application will resolve the situation with the user authentication level
already known.
After wrestling with the web.xml parameters and defining a user realm; I
have found that Tomcat ( 4.1.27 ) returns a BAD REQUEST; and control is
never ever given to the user realm defined. So, I turned into the source

In org.apache.catalina.authenticator.SSLAuthenticator.authenticate(), I've
found this :

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message