tomcat-users mailing list archives

From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Handling SSL Client Auth abort
Date Tue, 08 May 2007 03:19:26 GMT

"Subscriber" <subscriber@sepo.dk> wrote in message 
news:463EF1B3.2090607@sepo.dk...
> Hi,
>
>>> ...unfortunately I never get that far where I can catch the exception. 
>>> The exception is thrown within Tomcat and in my application code.
>>
>> (I'll assume there's a rather critical "not" missing from the last
>> clause in the above sentence.)
> Of course - NOT in my application code :-)
>> If the client refuses the certificate or otherwise breaks the connection
>> during the SSL negotiation, no servlet has been selected to receive the
>> message, so there's no one to deliver the exception to.  The servlet
>> spec doesn't seem to have any notion of container-oriented error pages,
>> so I think you're out of luck without custom code inside Tomcat.
>>
>>  - Chuck
>
> This is OK - but how do I put custom code into Tomcat? I've already 
> coded a custom realm for the purpose of verifying the certificate - could 
> I use this realm to catch the exception?
>

Nope.  The realm only gets called after the client sends the cert.  If she 
cancels, then TC just returns an error.  You could use a Valve to see if 
this has happened, but the socket has already been shut down by this time (at 
least with the JIO connector), so you can't send anything back to the 
client.

I seem to remember that there is a patch in BZ for 5.5.x to modify the JIO 
connector to handle this (but I'm too lazy to look it up :).  I don't know 
the APR connector well enough to know how to make the same type of 
modification there.

> Regards,
> kews
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org