tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus <axi...@googlemail.com>
Subject Re: Tomcat and client certificates
Date Wed, 01 Feb 2006 14:22:03 GMT
Setting clientAuth to true / false in the Connector configuration
works fine, but how do I configure client authenticaton on a
per-directory or even per-servlet basis?

This is my current configuration:

In server.xml:
    <Connector port="8443"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="\...\keystore.jks" keystorePass="wonttell"
               truststoreFile="\...\truststore.jks" truststorePass="wonttell"
               />

In web.xml:
	<security-constraint>
		<web-resource-collection>
			<url-pattern>/html/*</url-pattern>
		</web-resource-collection>
		<auth-constraint/>
		<user-data-constraint/>
	</security-constraint>
	<login-config>
		<auth-method>CLIENT-CERT</auth-method>
	</login-config>

And here are the results I get:

https://domain/anypage : OK
https://domain/html/anypage : HTTP Status 403 - Access to the
requested resource has been denied

The logfile says:

01.02.2006 15:19:57 org.apache.coyote.http11.Http11Processor action
WARNING: Exception getting SSL Cert
java.net.SocketException: Socket Closed

What's wrong with my configuration?

Markus

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message