tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: HOW TO turn on client Certificate with pop "choose a digital certificate" window
Date Sat, 17 Feb 2007 01:58:55 GMT
I can see two ways to do this:
1) Tomcat-Specific:  Use clientAuth="want" on the Connector, and configure 
the webapp to use BASIC auth in web.xml.  You then add a Valve that looks 
for the cert, and authenticates the user based on the cert if possible.
2) Similar in that you still have clientAuth="want", but you have a Filter 
in your webapp that looks for the cert, and if it doesn't find it it returns 
a proper 401 response asking for Basic auth.  While this is portable across 
containers, it has the downside that it doesn't allow you to use 
container-managed security (e.g. <security-constraint>).

"Zhan, Jimmy" <jzhan@casham.com> wrote in message 
news:26D0B22D0A22D445916A05D3E8E6B54E042D3C53@MAIL.casham.com...
Hi,



   I have set up HTTPS for tomcat without client certificate, and it is
running good.  Now I want to turn on the client certificate.



   How can to config the tomcat, let pop a "Choose a digital
certificate" window, allow clients pick Choose a digital certificate,



   If failed , pop a new window to allow user input "User Name" and
"Password".



   In file servrer.xml ,  if change clientAuth="true", then when client
is not in the "truststoreFile",



                "The page cannot be display" comes out.



  If change clientAuth="want", then, tomcat ignores the result of
checking client certificate.



  Thanks in advance!!





Jimmy ZHAN



Cash America International













---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message