tomcat-users mailing list archives

From David Delbecq <de...@oma.be>
Subject Re: Tomcat and client certificates
Date Fri, 03 Feb 2006 09:19:31 GMT
Markus wrote:

>Ok, when I set clientAuth to "want" the "Exception getting SSL Cert"
>goes away. (Wtf is this documented?).
>
Yes it is documented:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
Section 'Edit the Tomcat Configuration File'

> But I still get the 403 - Access
>denied error.
>  
>
This means the client didn't send a certificate or the certificate was not recognized.

>Here is how I added the users certificate to my realm:
>
>web.xml:
>
>	<security-constraint>
>		<web-resource-collection>
>			<url-pattern>/html/*</url-pattern>
>			<http-method>POST</http-method>
>			<http-method>GET</http-method>
>		</web-resource-collection>
>		<auth-constraint>
>			<role-name>myrole</role-name>
>		</auth-constraint>
>		<user-data-constraint/>
>	</security-constraint>
>
>	<login-config>
>		<auth-method>CLIENT-CERT</auth-method>
>	</login-config>
>
>	<security-role>
>		<role-name>myrole</role-name>
>	</security-role>
>
>tomcat-users.xml:
>
><tomcat-users>
>  <role rolename="myrole"/>
>  <user username="EMAILADDRESS=mark... , CN=markus...., OU=..., O=...
>, L=...., ST=... C=..." password="" roles="myrole"/>
></tomcat-users>
>
>As username I used exactly the cert.getSubjectDN().getName() String
>from the client certificate.
>  
>
>Is this ok?
>  
>
Did you escape the quote character of subject line using &quot; ?

>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
>  
>
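
The escaping question above can be checked offline before restarting Tomcat. The following is an added example, not code from the thread or from the Tomcat project: it renders a `<user>` entry with the DN escaped as `&quot;` and classifies why a DN would not be found in a tomcat-users.xml text. It assumes the realm compares the username to the subject DN string exactly; the sample DN and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Constructed sample DN (not from the thread); the quoted O value forces escaping.
SAMPLE_DN = 'EMAILADDRESS=user@example.org, CN=Example User, O="Example, Inc.", C=US'


def user_entry(dn, roles):
    """Render a <user> element with the DN escaped for a double-quoted attribute."""
    name = quoteattr(dn, {'"': "&quot;"})  # also escapes &, < and >
    return '<user username=%s password="" roles=%s/>' % (name, quoteattr(",".join(roles)))


def squash(text):
    """Drop all whitespace so near-misses can be told apart from real mismatches."""
    return "".join(text.split())


def diagnose(users_xml, dn):
    """Classify why a DN would or would not be found in a tomcat-users.xml text."""
    try:
        root = ET.fromstring(users_xml)
    except ET.ParseError:
        return "not well-formed"      # e.g. a raw " inside username="..."
    names = [u.get("username", "") for u in root.iter("user")]
    if dn in names:
        return "match"                # assumption: the realm needs an exact string match
    if squash(dn) in map(squash, names):
        return "whitespace differs"   # e.g. the attribute was wrapped over two lines
    return "no entry"


def users_file(*entries):
    """Wrap entries in a minimal tomcat-users document (constructed sample)."""
    body = "\n  ".join(entries)
    return '<tomcat-users>\n  <role rolename="myrole"/>\n  %s\n</tomcat-users>' % body


GOOD = users_file(user_entry(SAMPLE_DN, ["myrole"]))
RAW_QUOTE = users_file('<user username="%s" password="" roles="myrole"/>' % SAMPLE_DN)
WRAPPED = GOOD.replace(", C=US", "\n, C=US")  # line break inside the attribute value

if __name__ == "__main__":
    for label, text in (("escaped", GOOD), ("raw quote", RAW_QUOTE), ("wrapped", WRAPPED)):
        print("%-10s %s" % (label, diagnose(text, SAMPLE_DN)))
```

An XML parser turns a line break inside an attribute value into a space, which is why the wrapped entry no longer equals the DN string.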

