Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org Received: (qmail 42728 invoked from network); 22 Sep 2005 06:46:25 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 22 Sep 2005 06:46:25 -0000 Received: (qmail 29884 invoked by uid 500); 22 Sep 2005 06:46:07 -0000 Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org Received: (qmail 29864 invoked by uid 500); 22 Sep 2005 06:46:07 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 29843 invoked by uid 99); 22 Sep 2005 06:46:06 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 21 Sep 2005 23:46:06 -0700 X-ASF-Spam-Status: No, hits=0.1 required=10.0 tests=FORGED_RCVD_HELO,HTML_30_40,HTML_MESSAGE X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [217.167.123.231] (HELO systemeu-av-smtp1.gmessaging.net) (217.167.123.231) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 21 Sep 2005 23:46:14 -0700 Received: from systemeu-relay1.cesson.gm-adm (localhost [127.0.0.1]) by systemeu-av-smtp1.gmessaging.net (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0IN700M1THG8ZF@systemeu-av-smtp1.gmessaging.net> for tomcat-user@jakarta.apache.org; Thu, 22 Sep 2005 08:45:45 +0200 (MEST) Received: from u3antn15.ouest.systeme-u.fr (relais-ouest.systemeu.gmessaging.net.tld [10.176.4.75]) by systemeu-av-smtp1.gmessaging.net (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0IN700K0AHG8ML@systemeu-av-smtp1.gmessaging.net> for tomcat-user@jakarta.apache.org; Thu, 22 Sep 2005 08:45:44 +0200 (MEST) Received: from OUEST-MTA by u3antn15.ouest.systeme-u.fr with Novell_GroupWise; Thu, 22 Sep 2005 08:45:41 +0200 Date: Thu, 22 Sep 2005 08:45:25 +0200 From: Antony GUILLOTEAU Subject: =?ISO-8859-1?Q?R=E9p.=20:=20Re:=20How=20show=20CLIENT-CERT=20Rea?= =?ISO-8859-1?Q?lm?= To: markt@apache.org, tomcat-user@jakarta.apache.org Message-id: MIME-version: 1.0 X-Mailer: Novell GroupWise Internet Agent 6.5.4 Content-type: multipart/alternative; boundary="Boundary_(ID_Z/RIv44D/R+ZylUcKPsYaQ)" X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N --Boundary_(ID_Z/RIv44D/R+ZylUcKPsYaQ) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Thanks. Like I've found nothing, I'm choosing a solution like this. So it is impossible to show CLIENT-CERT realm like response.setHeader("WWW-Authenticate", "CLIENT-CERT realm=\"myName\""); I've an another question : how to redirect an request to the secure port within a serlvet ? I post a new message. >>> markt@apache.org 21/09/2005 21:15:39 >>> Antony GUILLOTEAU wrote: > I'm able to show the login window of a basic realm with following code : > response.setHeader("WWW-Authenticate", "BASIC realm=\"myName\""); > response.sendError(HttpServletResponse.SC_UNAUTHORIZED); > > Now I wish to show the window like CLIENT-CERT : when all realm parameters are set in the web.xml that 's work fine. But I want to do the same thing programmaticly with response.sendError(HttpServletResponse.SC_UNAUTHORIZED). > > I think it is done in the tomcat code ... but where ? > > Thanks It is done in o.a.c.authenticator.AuthenticatorBase and the process is basically issue a redirect to SSL. You will need to set the clientAuth attribute on the connector to true to require all connections to present a client certificate. If you want to validate the clienbt certificate, have a look at o.a.c.authenticator.SSLAuthenticator Mark --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-user-help@jakarta.apache.org --Boundary_(ID_Z/RIv44D/R+ZylUcKPsYaQ)--