tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Authenticate with X509 certification
Date Thu, 05 Jun 2008 04:42:48 GMT

"Luis Pascual Forner" <lpascual@ival.com> wrote in message 
news:48465C00.503@ival.com...
> Hi,
>
>   I need autheticate ONLY with client certificate (i.e., I don't want
> to check any user's database) . I did that follow:
>
>   1. I write a "X509Realm", with a method "authenticate" that
>      only check the validity of each certificate in the
>      certification's chain (don't check if the user exists in
>      any database).
>   2. Declare this new class in
>      "org/apache/catalina/realm/mbeans-descriptors.xml" and
>      "rg/apache/catalina/mbeans/mbeans-descriptors.xml".
>   3. Edit "server.xml" and configure the realm.
>   4. Edit "web.xml" to set the auth-method to "CLIENT-CERT"
>   5. Put "X509Realm.class" and "mbeans-descriptors.xml" in
>      "server/classes", with the correct path.
>   6. Restart Tomcat.
>
>   Now, I can authenticate with X509 certificate, and get the
> client certificate with
> getAttribute("javax.servlet.request.X509Certificate"). But,
> sometimes, this method returns null. Why?
>

Almost certainly means that the client didn't send a cert.  But more info on 
your setup would get a better response.  For example are you using the APR 
or the JIO Connector?

> regards
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
> 




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message