tomcat-users mailing list archives

From Markus <axi...@googlemail.com>
Subject Re: Tomcat and client certificates
Date Thu, 02 Feb 2006 10:35:11 GMT
Ok, when I set clientAuth to "want" the "Exception getting SSL Cert"
goes away. (Wtf is this documented?). But I still get the 403 - Access
denied error.

Here is how I added the user's certificate to my realm:

web.xml:

	<security-constraint>
		<web-resource-collection>
			<url-pattern>/html/*</url-pattern>
			<http-method>POST</http-method>
			<http-method>GET</http-method>
		</web-resource-collection>
		<auth-constraint>
			<role-name>myrole</role-name>
		</auth-constraint>
		<user-data-constraint/>
	</security-constraint>

	<login-config>
		<auth-method>CLIENT-CERT</auth-method>
	</login-config>

	<security-role>
		<role-name>myrole</role-name>
	</security-role>

tomcat-users.xml:

<tomcat-users>
  <role rolename="myrole"/>
  <user username="EMAILADDRESS=mark... , CN=markus...., OU=..., O=...
, L=...., ST=... C=..." password="" roles="myrole"/>
</tomcat-users>

As username I used exactly the cert.getSubjectDN().getName() String
from the client certificate.

Is this ok?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

