tomcat-users mailing list archives

From Goo Sam Kong <skgo...@gmail.com>
Subject Re: smartcards for tomcat webapps
Date Thu, 08 Apr 2010 04:04:37 GMT
Yes, I imported the issuer of the client certificate (the issuer can be
self-signed or signed by others) into the trust store using the Java
keytool command.

Below are the web.xml settings...

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>
				Protected Area
			</web-resource-name>
			<url-pattern>/private/*</url-pattern>
		</web-resource-collection>
		<user-data-constraint>
			<transport-guarantee>CONFIDENTIAL</transport-guarantee>
		</user-data-constraint>
	</security-constraint>
	<login-config>
		<auth-method>CLIENT-CERT</auth-method>
	</login-config>

On 7 April 2010 20:50, Michael Dockery <dockeryjavaman@yahoo.com> wrote:
> Thank you.
>
> So did you load the CA root cert (self-signed "top of chain") into the truststorefile? Via keytool?
>
> also
>
> does your web app's web.xml have the following?
>  <login-config>
>    <auth-method>CLIENT-CERT</auth-method>
>  </login-config>
> and
> <security-constraint>
> ...
>    <user-data-constraint>
>    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>    </user-data-constraint>
> </security-constraint>
>
>
>
>
> ________________________________
> From: Goo Sam Kong <skgoo88@gmail.com>
> To: Tomcat Users List <users@tomcat.apache.org>
> Sent: Tue, April 6, 2010 10:21:49 PM
> Subject: Re: smartcards for tomcat webapps
>
> On 6 April 2010 20:39,  <dockeryjavaman@yahoo.com> wrote:
>> Anyone using smartcards for auth?
>>
>> If so, have specific example code excerpt and server.xml?
> The minimum configuration change required for the HTTPS connector in
> server.xml is to add the attributes below and amend the value of the clientAuth
> attribute from false to true or want.
>
> 1. truststoreFile
> 2. truststorePass
> 3. truststoreType
>
>    <!-- Define a SSL HTTP/1.1 Connector on port 8443 connectionTimeout="15000" -->
>    <!-- clientAuth: "true" requires a client certificate; "want" requests one but does not require it -->
>    <Connector port="8443" maxHttpHeaderSize="8192"
>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>               enableLookups="false" disableUploadTimeout="true"
>               acceptCount="100" scheme="https" secure="true"
>               clientAuth="true" sslProtocol="TLS"
>               truststoreFile="xxxx" truststorePass="xxx" truststoreType="xxx" />
>
> No code change required in server side.
>
> Refer to http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html for
> SSL configuration in server.xml.
>>
>>
>> Sent from my Verizon Wireless BlackBerry
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
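
An added example, not part of the original thread: a small Python check of the server.xml and web.xml settings discussed above. It flags the combination where the connector uses clientAuth="want" and the security-constraint has no auth-constraint, in which case /private/* is served to clients that present no certificate. The sample XML is constructed from the thread's snippets; the store path and password are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the thread's snippets; store path and password are placeholders.
SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8443" scheme="https" secure="true" sslProtocol="TLS" clientAuth="want"
           truststoreFile="conf/trust.jks" truststorePass="changeit" truststoreType="JKS"/>
</Service></Server>"""
WEB_XML = """<web-app>
<security-constraint>
  <web-resource-collection><url-pattern>/private/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint>
<login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""

def _strip_ns(root):
    # Real web.xml files declare a default namespace; compare on local names only.
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def audit(server_xml, web_xml):
    """Return findings on whether a client certificate is actually enforced."""
    server = _strip_ns(ET.fromstring(server_xml))
    web = _strip_ns(ET.fromstring(web_xml))
    findings = []
    tls = [c for c in server.iter("Connector") if c.get("secure", "").lower() == "true"]
    modes = {c.get("port"): c.get("clientAuth", "false").lower() for c in tls}
    for c in tls:
        if modes[c.get("port")] in ("true", "want") and not c.get("truststoreFile"):
            findings.append(f"connector {c.get('port')}: clientAuth set but no truststoreFile")
    # Only clientAuth="true" makes the TLS handshake itself fail without a certificate.
    handshake_enforced = bool(tls) and all(m == "true" for m in modes.values())
    if web.findtext("login-config/auth-method", "").strip() != "CLIENT-CERT":
        findings.append("web.xml: auth-method is not CLIENT-CERT")
    for sc in web.iter("security-constraint"):
        patterns = ",".join(p.text.strip() for p in sc.iter("url-pattern"))
        if (sc.findtext("user-data-constraint/transport-guarantee") or "").strip() != "CONFIDENTIAL":
            findings.append(f"{patterns}: transport-guarantee is not CONFIDENTIAL")
        # Without <auth-constraint> the container never triggers CLIENT-CERT login.
        if sc.find("auth-constraint") is None and not handshake_enforced:
            findings.append(f"{patterns}: reachable without a certificate")
    return findings

if __name__ == "__main__":
    for line in audit(SERVER_XML, WEB_XML):
        print(line)
```

With clientAuth="true" on the connector, or with an auth-constraint added to the security-constraint, the same inputs produce no findings.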