tomcat-users mailing list archives

From "Mahesh S Kudva" <mahesh.ku...@robosoftin.com>
Subject Re: Certificate Authentication for individual apps
Date Sat, 02 Jul 2005 10:36:00 GMT
Dear All

My developer gives me a .war file, which I place as 
jboss/server/default/deploy/test.war

Thus I have around 5 .war files placed on the server. All the apps are 
presently accessed using https://myorg.com:8080/test1/, 
https://myorg.com:8080/test2/ ... and so on.

Next I want to implement client auth for certain apps.

How do I go about it?

Regards & Thanks
================
Mahesh S Kudva


-----Original Message-----
From: "Bill Barker" <wbarker@wilshire.com>
To: tomcat-user@jakarta.apache.org
Date: Fri, 1 Jul 2005 21:56:37 -0700
Subject: Re: Certificate Authentication for individual apps

> 
> "Mahesh S Kudva" <mahesh.kudva@robosoftin.com> wrote in message 
> news:WorldClient-F200507020928.AA28031909@robosoftin.com...
> > Hi All
> >
> > Thanks for the note. Maybe I was not clear in my earlier mail.
> >
> >
> > I have client authentication using certificates. I want to skip client
> > auth for certain hosted applications on the server but preserve client
> > auth for other apps.
> >
> 
> On the Connector leave the 'clientAuth' attribute as 'false' (or use
> 'want', if you really want to be annoying :).  Then in the webapps that care
> set up your web.xml files with something like:
>   <login-config>
>        <auth-method>CLIENT-CERT</auth-method>
>   </login-config>
> 
> In this case, any page protected by a <security-constraint> will force the
> user to send a client-cert.  Unfortunately, most of the production-quality
> Realms that ship with Tomcat don't support CLIENT-CERT auth.
> 
> For 4.1.x <= tcversion <= 5.0.x, there is also a request attribute that you
> can use to do the same thing.  If you need it, search the archives.
> 
> > Regards & Thanks
> > ================
> > Mahesh S Kudva
> >
> >
> > -----Original Message-----
> > From: Paul Singleton <paul@jbgb.com>
> > To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> > Date: Fri, 01 Jul 2005 15:32:12 +0100
> > Subject: Re: Certificate Authentication for individual apps
> >
> >> Mahesh S Kudva wrote:
> >>
> >> > How can I have different certificate authentication for different
> >> > applications and skip certificate authentication for some
> >> > applications hosted on the same server.
> >>
> >> I believe that, at least under SSL, certificates authenticate
> >> *servers* not applications, and that the Connector offers a
> >> certificate before it checks, or regardless of, the context
> >> path within that server.
> >>
> >> So you need to deploy each app at a different (virtual) host,
> >> each with a different IP address.  We do this currently with
> >> 5.5.9.  You can use the default keystore for all hosts, and
> >> use the (undocumented) keyAlias="myalias" Connector attribute
> >> to offer the appropriate certificate for each host, e.g.
> >>
> >> <Connector
> >>   address="288.104.197.211"
> >>   port="8443"
> >>   scheme="https"
> >>   secure="true"
> >>   sslProtocol="TLS"
> >>   keyAlias="mrk2"
> >> />
> >>
> >> (in 5.5.9 you also need sslProtocol="TLS" explicitly)
> >>
> >> Paul Singleton
> >>
> >>
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> >
> > -------------------------------------------------------
> > Robosoft Technologies - Partners in Product Development 
> 
> 
> 
> 



-------------------------------------------------------
Robosoft Technologies - Partners in Product Development
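
The per-application setup described in Bill Barker's quoted reply, written out as an added example (not part of the original thread and not the posters' own configuration). It assumes a stock Tomcat 5.5-style server.xml; the file paths, passwords, port and the role name `certuser` are placeholders chosen for illustration.

```xml
<!-- server.xml: one HTTPS Connector shared by all apps.
     Paths and passwords below are placeholders. -->
<Connector
  port="8443"
  scheme="https"
  secure="true"
  sslProtocol="TLS"
  clientAuth="false"
  keystoreFile="conf/server.keystore"
  keystorePass="CHANGE_ME"
  truststoreFile="conf/client-ca.truststore"
  truststorePass="CHANGE_ME"
/>
<!-- clientAuth="false": no certificate is requested at the initial handshake,
     so apps that do not declare CLIENT-CERT stay reachable without one.
     The truststore should hold only the CA(s) that issue your client
     certificates, not the JVM's default CA bundle. -->

<!-- WEB-INF/web.xml of an app that must require a client certificate
     (these elements go inside <web-app>). -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Whole application</web-resource-name>
    <!-- No <http-method> elements, so every method is covered. -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>certuser</role-name> <!-- hypothetical role name -->
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

<security-role>
  <role-name>certuser</role-name>
</security-role>
```

Apps whose web.xml has no CLIENT-CERT `<login-config>` never ask for a certificate. For the protected app, the configured Realm still has to map the certificate's subject to a user holding the role, which is the Realm limitation mentioned in the reply.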




