Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Received-SPF: neutral (herse.apache.org: local policy)
Message-ID: <4642C30F.7080308@sepo.dk>
Date: Thu, 10 May 2007 09:00:31 +0200
From: Subscriber <subscriber@sepo.dk>
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Handling SSL Client Auth abort
References: <4639C91E.6080400@sepo.dk>
 <BAY133-DAV159A23CE29256603265147AE410@phx.gbl> <4639DE2B.9090903@sepo.dk>
 <AEF3D568DD1D9E428048C592AA16459705CB4233@USRV-EXCH4.na.uis.unisys.com>
 <463EF1B3.2090607@sepo.dk> <f1oq6q$b8j$1@sea.gmane.org>
In-Reply-To: <f1oq6q$b8j$1@sea.gmane.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi Bill,

Thanks for your answer. I've tried to download the source code for 
Tomcat 5.5.23, but I can't find a JIO Connector. Is JIO an abbrevation 
for something? Can you point me to a place, where I can find the source 
code and possibly make my own patch?

regards,
kews

Bill Barker wrote:
> "Subscriber" <subscriber@sepo.dk> wrote in message 
> news:463EF1B3.2090607@sepo.dk...
>> Hi,
>>
>>>> ...unfortunately I never get that far where I can catch the exception. 
>>>> The exception is thrown within Tomcat and in my application code.
>>> (I'll assume there's a rather critical "not" missing from the last
>>> clause in the above sentence.)
>> Of course - NOT in my application code :-)
>>> If the client refuses the certificate or otherwise breaks the connection
>>> during the SSL negotiation, no servlet has been selected to receive the
>>> message, so there's no one to deliver the exception to.  The servlet
>>> spec doesn't seem to have any notion of container-oriented error pages,
>>> so I think you're out of luck without custom code inside Tomcat.
>>>
>>>  - Chuck
>> This is OK - but how do I put custom code into the Tomcat? I've already 
>> coded a custom realm for the purpose of verifying the certificate - could 
>> I use this realm to catch the exception?
>>
> 
> Nope.  The realm only gets called after the client sends the cert.  If she 
> cancels, then TC just returns an error.  You could use a Valve to see if 
> this has happened, but the socket has already been shutdown by this time (at 
> least with the JIO connector), so you can't send anything back to the 
> client.
> 
> I seem to remember that there is a patch in BZ for 5.5.x to modify the JIO 
> connector to handle this (but I'm too lazy to look it up :).  I don't know 
> the APR connector well enough to know how to make the same type of 
> modification there.
> 
>> Regards,
>> kews
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> __________ NOD32 2255 (20070509) Information __________
> 
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
> 
> 
> 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org