tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: tomcat ssl client authentication
Date Thu, 13 Sep 2007 01:49:47 GMT

"Shuwen" <> wrote in message
> Hi,
>     I would like to find out how to configure client authentication when 
> enabling tomcat to run on https.  From 
>, it says that
>  *******************
>   For using clientAuth on a per-user or per-session basis, check out the 
> tips in Bugzilla 34643.
>  ******************
>  Does it mean that if I would like to configure client authentication, I 
> need to patch the .java file on

This is mostly about "advanced topics" (e.g. adding users on the fly, 
allowing the webapp to validate the cert).  Most people get by with putting:
in their web.xml file, and configuring the truststore* attributes on the 
<Connector /> in server.xml.

Note, if you apply the patch in 34643, then you are requiring your webapp to 
autherise access to resources based on the client cert.

>     I have found various sources on internet regarding the issue.  Can 
> anyone recommend a reliable way or point me to the reference for 
> configuring client authentication?

>  Thanks a lot in advance,
>  Shuwen
> ---------------------------------
> Fussy? Opinionated? Impossible to please? Perfect.  Join Yahoo!'s user 
> panel and lay it on us. 

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message