tomcat-users mailing list archives

From "Nicolás Velásquez O." <gnico...@gmail.com>
Subject Problems with HTTPS Mutual authentication with big petitions
Date Fri, 04 Jan 2008 21:52:31 GMT

Hello, I'm running into problems when I try to configure Tomcat to
validate the client by its HTTPS cert with big requests. I'm using it
with forms, and when I send the form to the server with big
(10-15 Kbytes) requests it fails, but when I send small (90 bytes)
requests it works.

In the web.xml I have a security constraint:
<security-constraint>
	<web-resource-collection>
		<web-resource-name>Mutual auth</web-resource-name>
		<url-pattern>/page1.htm</url-pattern>
		<url-pattern>/page2.htm</url-pattern>
	</web-resource-collection>
	<auth-constraint>
		<role-name>clientHttpsRole</role-name>
	</auth-constraint>
	<user-data-constraint>
		<transport-guarantee>
			CONFIDENTIAL
		</transport-guarantee>
	</user-data-constraint>
</security-constraint>
<login-config>
	<auth-method>CLIENT-CERT</auth-method>
</login-config>

<security-role>
	<role-name>clientHttpsRole</role-name>
</security-role>

and I created the user:
<user username="CN=WHATEVER" password="null" roles="clientHttpsRole"/>

Here is the snip with the https connector of the server.xml:
    <Connector port="8443"
          maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
          enableLookups="false" disableUploadTimeout="true"
          acceptCount="100" debug="0" scheme="https" secure="true"
          clientAuth="false" sslProtocol="TLS" keystoreType="JKS"
          keystoreFile="keystore" keystorePass="password"
          truststoreFile="keystore" truststorePass="password"/>



What makes me worry is that it works fine when I set the https connector
with clientAuth="true".




-- 

Sincerely,
Nicolás Velásquez O.
Bogotá, Colombia

(^)   ASCII Ribbon Campaign
  X    NO HTML/RTF in e-mail
/ \   NO Word docs in e-mail


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
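
An added example, not part of the original message and not Tomcat code: a small audit of the two configuration files quoted above. It assumes Tomcat's documented connector attribute maxSavePostSize (default 4096 bytes), which bounds the POST body the container buffers during CLIENT-CERT authentication when the connector does not request the certificate up front; the message itself does not identify a cause, and the sample XML and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DEFAULT_MAX_SAVE_POST = 4096  # documented Tomcat default for maxSavePostSize (bytes)

# Constructed samples modelled on the web.xml and server.xml snippets in the post.
WEB_XML = """<web-app>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile="keystore" truststoreFile="keystore"/>
</Service></Server>"""


def uses_client_cert(web_xml):
    """True if the descriptor's login-config selects CLIENT-CERT authentication."""
    for el in ET.fromstring(web_xml).iter():
        # Strip any XML namespace so namespaced and bare descriptors both match.
        if el.tag.rsplit("}", 1)[-1] == "auth-method":
            return (el.text or "").strip() == "CLIENT-CERT"
    return False


def audit(server_xml, web_xml, expected_body_bytes):
    """Return (port, limit) for each secure connector that defers the client
    certificate request and cannot buffer a request body of the expected size."""
    findings = []
    if not uses_client_cert(web_xml):
        return findings
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("secure", "false").lower() != "true":
            continue
        # clientAuth="true" asks for the certificate in the initial handshake,
        # so no body has to be held back; other values are flagged conservatively.
        if conn.get("clientAuth", "false").lower() == "true":
            continue
        limit = int(conn.get("maxSavePostSize", DEFAULT_MAX_SAVE_POST))
        if limit >= 0 and expected_body_bytes > limit:  # negative disables the limit
            findings.append((conn.get("port"), limit))
    return findings


if __name__ == "__main__":
    for size in (90, 15000):  # the two request sizes mentioned in the post
        print(size, audit(SERVER_XML, WEB_XML, size))
```

For the sizes in the post, the 90-byte request produces no finding and the 15000-byte request is flagged against the 4096-byte default.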

