tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paulo Alvim" <al...@powerlogic.com.br>
Subject RES: [java] RE: bug JDBC Real with CLIENT-CERT
Date Wed, 01 Dec 2004 21:25:26 GMT
Thanks, Mark...

Please let us know when you have more infs about TC5 and JNDI
Realm/CLIENT-CERT, ok?

Just to be sure:

Since I can have just one login-config per application, I will have to work
with two WARs (one for each configuration)...if I need to have both "form
based" and "cert based" authentication in the same application, right?

Do you know any better workaround?

Paulo Alvim.


-----Mensagem original-----
De: Mark Thomas [mailto:markt@apache.org]
Enviada em: quarta-feira, 1 de dezembro de 2004 16:43
Para: 'Tomcat Users List'
Assunto: RE: [java] RE: bug JDBC Real with CLIENT-CERT


I haven't looked at the JNDI realm at all. There is an outstanding bug
against
this and CLIENT-CERT for TC4 so I will get to it eventually (I'll port the
fix
to TC5 if it needs it).

The spec states that you can have no more than 1 login-config per
application.

If a fix is needed, you are going to have to migrate to the version that
includes the fix.

Mark

> -----Original Message-----
> From: Paulo Alvim [mailto:alvim@powerlogic.com.br]
> Sent: Tuesday, November 30, 2004 1:09 PM
> To: Tomcat Users List
> Subject: RES: [java] RE: bug JDBC Real with CLIENT-CERT
>
> Thanks for your answer, Mark...
>
> I'm sorry...I was talking about JNDIRealm. We use it to
> authenticate to
> ActiveDirectory with the configuration bellow (names changed):
>
>  <Realm   className="org.apache.catalina.realm.JNDIRealm" debug="0"
>    connectionURL="ldap://plcbhdc:389"
> connectionName="cn=alvim,cn=Users,dc=powerlogic"
> connectionPassword="1234567"
>         userBase="cn=Users,dc=powerlogic"
> userSearch="sAMAccountName={0}"
> userSubtree="true" roleBase="CN=Builtin,dc=powerlogic"
>       roleSearch="(member={0})" roleSubTree="true"
> userRoleName="member"
>       roleName="cn" />
>
> ...and sometimes against our database schema:
>
>  <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="0"
>              driverName="oracle.jdbc.driver.OracleDriver"
>           connectionURL="jdbc:oracle:thin:@plcxdb:1521:oraxxxxx"
>          connectionName="xxxxxxx3" connectionPassword="xxxxx"
>               userTable="EC_USUARIO" userNameCol="LOGIN"
> userCredCol="SENHA"
>           userRoleTable="EC_GRUPOXUSUARIO" roleNameCol="NOME_GRUPO"
> digest="SHA"/>
>
> We need to use CLIENT-CERT together with FORM-BASED
> authentication - is it
> possible to use both in the same WAR?
>
> We could make CLIENT-CERT work with MemoryReal but since we
> couldn't make it
> work with JDBCRealm we are wondering it won't work with JNDI
> too (we can't
> test this at this moment)...
>
> We are using Tomcat 5.0.28 and we didn't like to migrate it,
> because our
> apps are running ok...only if necessary...
>
> Thanks again!
>
> Alvim
>
>
>
> -----Mensagem original-----
> De: Mark Thomas [mailto:markt@apache.org]
> Enviada em: segunda-feira, 29 de novembro de 2004 18:31
> Para: 'Tomcat Users List'
> Assunto: RE: [java] RE: bug JDBC Real with CLIENT-CERT
>
>
> The JDBC stuff is all there and works. I don’t understand how
> this then fits
> in
> with AD/LDAP? Could you enlighten me? I assume you don't mean
> the JNDI realm
> (which I haven't done anything with or even tested if
> CLIENT-CERT will work
> with)
>
> Mark
>
> > -----Original Message-----
> > From: Paulo Alvim [mailto:alvim@powerlogic.com.br]
> > Sent: Monday, November 29, 2004 9:47 PM
> > To: Tomcat Users List
> > Cc: raphael@powerlogic.com.br
> > Subject: RES: [java] RE: bug JDBC Real with CLIENT-CERT
> >
> > Thanks, Mark!
> >
> > Could you tell me if my kind of issues (JDBC/Ldap Realm)
> are there?...
> >
> >
> > Alvim.
> >
> > -----Mensagem original-----
> > De: Mark Thomas [mailto:markt@apache.org]
> > Enviada em: segunda-feira, 29 de novembro de 2004 17:02
> > Para: 'Tomcat Users List'
> > Assunto: [java] RE: bug JDBC Real with CLIENT-CERT
> >
> >
> > I committed some patches to support CLIENT-CERT to 5.5.x
> > recently. Should be
> > in
> > the next release. If you want them now, you can always grab
> > them from CVS.
> >
> > Mark
> >
> > > -----Original Message-----
> > > From: Paulo Alvim [mailto:alvim@powerlogic.com.br]
> > > Sent: Monday, November 29, 2004 4:02 PM
> > > To: Tomcat Users List
> > > Subject: bug JDBC Real with CLIENT-CERT
> > >
> > > Hi,
> > >
> > > I'm trying to use Client-Cert authentication with Tomcat
> > > 5.0.28. I could
> > > make it work using Memory Realm but when I changed to
> > > JDBCRealm I received
> > > an authorization error...
> > >
> > > In truth, it seems that there's a bug with Client-Cert and
> > > others Realm
> > > since 4.x.
> > >
> > > I've just read about that in a few links:
> > >
> > > http://issues.apache.org/bugzilla/show_bug.cgi?id=30352
> > >
> > > http://www.junlu.com/msg/43156.html
> > >
> > > Anyone could update that information? Is there any fix or
> > > patchs in Tomcat
> > > 5.0.28? I'll need to use it with JDBCRealm and with LDAP (Active
> > > Directory)...
> > >
> > > Thanks a lot!
> > >
> > > Paulo Alvim
> > > Powerlogic - Brazil
> > >
> > >
> > > -----Mensagem original-----
> > > De: Paulo Alvim [mailto:alvim@powerlogic.com.br]
> > > Enviada em: sábado, 27 de novembro de 2004 14:20
> > > Para: Tomcat Users List
> > > Assunto: RES: [work] CLIENT-CERT
> > >
> > >
> > > Hi,
> > >
> > > The questions are:
> > >
> > > 1. Is it possible to use two authentication methods (FORM and
> > > CLIENT_CERT)
> > > in the same J2EE application?
> > >
> > > 2. If so, how could we do it in Tomcat 5.0.19?
> > >
> > > Thanks in advance!
> > >
> > > Paulo Alvim/Raphael
> > > Powerlogic - Brazil
> > >
> > > -----Mensagem original-----
> > > De: Raphael Gallo [mailto:raphael@powerlogic.com.br]
> > > Enviada em: sexta-feira, 26 de novembro de 2004 17:44
> > > Para: Tomcat Users List
> > > Assunto: [work] CLIENT-CERT
> > >
> > >
> > > Hi,
> > >
> > >
> > >         It´s possible use FORM authentication and CLIENT-CERT
> > > in the same
> > > application. How can I do this ?
> > >
> > >
> > >
> > > Thanks,
> > >
> > > Raphael Gallo
> > > raphael@powerlogic.com.br
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
> > >
> > >
> > >
> > >
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
> > >
> > >
> > >
> > >
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
> > >
> > >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message