tomcat-users mailing list archives

From Martin Gainty <>
Subject FW: Problems with HTTPS Mutual authentication with big petitions
Date Fri, 04 Jan 2008 23:26:28 GMT


Did you configure with JAAS?
Are you using 5.5 TC?

Regards
Martin
______________________________________________
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission.

> Date: Fri, 4 Jan 2008 16:52:31 -0500
> From:
> To:
> Subject: Problems with HTTPS Mutual authentication with big petitions
>
>
> Hello, I'm running into problems when I try to configure tomcat to
> validate the client by its https cert with big requests. I'm using it
> with forms and when I send the form to the server with big
> (10-15Kbytes) requests it fails, but when I send small (90 bytes)
> requests it works.
>
> I have on the web.xml a security constraint:
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Mutual auth</web-resource-name>
>     <url-pattern>/page1.htm</url-pattern>
>     <url-pattern>/page2.htm</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>clientHttpsRole</role-name>
>   </auth-constraint>
>   <user-data-constraint>
>     <transport-guarantee>
>       CONFIDENTIAL
>     </transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
> <login-config>
>   <auth-method>CLIENT-CERT</auth-method>
> </login-config>
>
> <security-role>
>   <role-name>clientHttpsRole</role-name>
> </security-role>
>
> and I created the user:
> <user username="CN=WHATEVER" password="null" roles="clientHttpsRole"/>
>
> Here is the snip with the https connector of the server.xml:
> <Connector port="8443"
>   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>   enableLookups="false" disableUploadTimeout="true"
>   acceptCount="100" debug="0" scheme="https" secure="true"
>   clientAuth="false" sslProtocol="TLS" keystoreType="JKS"
>   keystoreFile="keystore" keystorePass="password"
>   truststoreFile="keystore" truststorePass="password"/>
>
>
>
> What makes me worry is that it works fine when I set the https connector
> with clientAuth="true".
>
>
>
>
> --
>
> Sincerely,
> Nicolás Velásquez O.
> Bogotá, Colombia
>
> (^) ASCII Ribbon Campaign
> X NO HTML/RTF in e-mail
> / \ NO Word docs in e-mail
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail:
> To unsubscribe, e-mail:
> For additional commands, e-mail:
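
An added example, not part of the original message or of Tomcat itself: a small check over the quoted web.xml and connector settings that reports whether the client certificate is requested only after a protected page is requested (clientAuth="false" with CLIENT-CERT) and whether the request sizes mentioned in the message fit the connector's POST save buffer. It assumes a Tomcat version whose HTTP connector documents the maxSavePostSize attribute (default 4096 bytes, -1 for no limit); the function name and the embedded XML wrappers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed from the snippets quoted in the message, wrapped in a root element.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Mutual auth</web-resource-name>
      <url-pattern>/page1.htm</url-pattern>
      <url-pattern>/page2.htm</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>clientHttpsRole</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee> CONFIDENTIAL </transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""

CONNECTOR = ('<Connector port="8443" scheme="https" secure="true" '
             'clientAuth="false" sslProtocol="TLS"/>')

# Assumption: documented default of the connector's maxSavePostSize attribute.
DEFAULT_MAX_SAVE_POST = 4096


def deferred_cert_check(web_xml, connector_xml, body_sizes):
    """Report when the client cert is requested and which bodies fit the buffer."""
    web = ET.fromstring(web_xml)
    conn = ET.fromstring(connector_xml)
    client_auth = conn.get("clientAuth", "false").strip().lower()
    limit = int(conn.get("maxSavePostSize", DEFAULT_MAX_SAVE_POST))
    method = (web.findtext("login-config/auth-method") or "").strip()
    # URL patterns that carry an auth-constraint, i.e. need an authenticated user.
    patterns = [p.text.strip()
                for sc in web.findall("security-constraint")
                if sc.find("auth-constraint") is not None
                for p in sc.findall("web-resource-collection/url-pattern")]
    # clientAuth="false": no certificate at the initial handshake; it is only
    # requested once a CLIENT-CERT protected resource is asked for, so the
    # request body has to be buffered while the certificate is obtained.
    deferred = client_auth == "false" and method == "CLIENT-CERT" and bool(patterns)
    fits = {n: (not deferred) or limit < 0 or n <= limit for n in body_sizes}
    return {"deferred": deferred, "patterns": patterns,
            "limit": limit, "body_fits": fits}


if __name__ == "__main__":
    # Sizes taken from the message: 90 bytes, and 10 to 15 Kbytes.
    print(deferred_cert_check(WEB_XML, CONNECTOR, [90, 10 * 1024, 15 * 1024]))
```
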
