tomcat-users mailing list archives

From "Peter Buus" <p...@tdc.dk>
Subject CLIENT-CERT in single context
Date Mon, 13 Jun 2005 08:49:17 GMT
I'm running Tomcat 5.5.9 and I'm trying to set up client certificate
authentication.
I only need users to present a client certificate in one of my web
applications, therefore I have tried the following configuration:

server.xml

   <!-- Define a SSL HTTP/1.1 Connector on port 443 -->
    <Connector port="443" maxHttpHeaderSize="8192"
     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
     enableLookups="false" disableUploadTimeout="true"
     acceptCount="100" scheme="https" secure="true"
     clientAuth="false" 
     keystoreFile="sslcert.jks"
     keystorePass="rmi+ssl" 
     truststoreFile="ocesca.jks"
     truststorePass="ocesca" 
     sslProtocol="TLS" />

Note - clientAuth set to false, otherwise client certificates are
requested for all contexts

web.xml for the application that I want to be secured by client
certificate

<web-app>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>test</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
    </security-constraint>

    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>

</web-app>

This doesn't work - users of my secured application are not prompted for
a client certificate, but are given immediate access.
What am I doing wrong?

/peter
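
Added example, not part of the original message: under the Servlet specification a security-constraint with no auth-constraint requires no authentication, so the CLIENT-CERT login-config is never triggered for it. The script below audits a web.xml for that condition; the helper names, the role name `certuser` and the second document are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# web.xml as posted in the message above (it has no <auth-constraint>).
POSTED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>test</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""

# Constructed variant: the same constraint plus an <auth-constraint>.
# The role name "certuser" is an assumption, not taken from the message.
WITH_AUTH = POSTED.replace(
    "</web-resource-collection>",
    "</web-resource-collection>\n    <auth-constraint>"
    "<role-name>certuser</role-name></auth-constraint>",
).replace(
    "</web-app>",
    "  <security-role><role-name>certuser</role-name></security-role>\n</web-app>",
)

def kids(elem, name):
    """Direct children called `name`, ignoring any XML namespace prefix."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def texts(elems, name):
    """Stripped text of every `name` child under the given elements."""
    return [k.text.strip() for e in elems for k in kids(e, name) if k.text]

def audit(web_xml):
    """Return (auth_method, findings); findings are (url_patterns, problem)."""
    root = ET.fromstring(web_xml)
    method = (texts(kids(root, "login-config"), "auth-method") or [None])[0]
    findings = []
    for sc in kids(root, "security-constraint"):
        patterns = texts(kids(sc, "web-resource-collection"), "url-pattern")
        auth = kids(sc, "auth-constraint")
        if not auth:
            findings.append((patterns, "no auth-constraint: served without authentication"))
        elif not texts(auth, "role-name"):
            findings.append((patterns, "empty auth-constraint: access denied to all"))
    return method, findings

if __name__ == "__main__":
    for label, doc in (("posted", POSTED), ("with auth-constraint", WITH_AUTH)):
        print(label, audit(doc))
```

In Tomcat the role named in the auth-constraint must also be granted by the configured Realm to the user identified by the certificate.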
