tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luis Pascual Forner <>
Subject Authenticate with X509 certification
Date Wed, 04 Jun 2008 09:10:24 GMT

   I need autheticate ONLY with client certificate (i.e., I don't want
to check any user's database) . I did that follow:

   1. I write a "X509Realm", with a method "authenticate" that
      only check the validity of each certificate in the
      certification's chain (don't check if the user exists in
      any database).
   2. Declare this new class in
      "org/apache/catalina/realm/mbeans-descriptors.xml" and
   3. Edit "server.xml" and configure the realm.
   4. Edit "web.xml" to set the auth-method to "CLIENT-CERT"
   5. Put "X509Realm.class" and "mbeans-descriptors.xml" in
      "server/classes", with the correct path.
   6. Restart Tomcat.

   Now, I can authenticate with X509 certificate, and get the
client certificate with
getAttribute("javax.servlet.request.X509Certificate"). But,
sometimes, this method returns null. Why?


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message