tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject re: physical access card authentication (was: MY Tomcat version :- 7.0.40 and deployed on CentOS)
Date Tue, 03 Sep 2013 21:51:14 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Sushil,

On 8/30/13 4:50 AM, Sushil Prusty wrote:
> Thanks to show me a light in black dark room. Please just look
> below work flow and requirement.
> 
> 
> Before login to my web application, i need to swap data card to
> access my web application. So data card  should be certified by
> OCSP instead CRL. My java based web application is deployed on
> apache tomcat 7.0.40 ,so i think i need to integrate OCSP some
> where in apache tomcat to certify my application? Or do you i need
> to write any external java program to interact with ocsp responder
> ?
> 
> Is there any java api for provided by apache?

AFAIK, there is no way for Tomcat (on a server) to interact securely
with your data card (on the client) in a secure way. The best way you
can do this kind of thing is via some browser plug-in or OS-based
solution that can verify that the card is actually present, then take
some data from the server and encrypt it with the secret stored on the
card, then send it back to the server.

Tomcat does not have anything like this available.

Maybe someone on the list who knows how those kinds of authentication
systems work can comment on your options. I'm sorry... I don't know
anything about this realm of authentication (pun intended, unfortunately).

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSJlnSAAoJEBzwKT+lPKRYKW8P/A45T2+B16jHzTsPcE+AMP9g
22GXsxs/qqZ7qfsKwe++h4zi8dQ738tUIC7UZ1EFNZe6qzn3cKZE/UTlDRRbDBzo
gAOu1COY8Eo/cWCTI8zG33/Qi9GIVEJPTD5lukqDOej1ZPqOViTLYDBuyxwPedKZ
yU218IX4qFI7tOcsPieeVDGGRfUUqHcWt0oENb05GsFO6FMYUjqFUJ5bFIGNr/lP
suyXd0+LGMzatjB3RijeyTOP/p8uRjpHgUcjFhLF3RYtsW63us9fMYH8h5u+7xt/
Fk1FH/2YakynYzEcHNUzMZPKB51M2NEUJZ85TOiC6sj1ejeWnwZ8J5JVjQvN9i+8
Lfk6d9YbYnV+X395wIlRLHvoMr2Tcqh2dbpulmNys/YK5lrHTs5Z2TZfGN+SZcZo
e/gaeqUeAQ7eB7/HGxvEfNiNDUGinyIWRwyYw1xxTctwF+SoFiDIPnzV9rPxmpU+
wA8xdDFVxfpuC2IPcyLW3O5+QXxzZ7Hsh7bLmacjFyDuKsmlvNC3JeJl57twcjGQ
w2VIvuTuHJUAmaXDo+ZNqxrP47S61waHGgHJwRsUVUcWgWDPy7qIpscPQmnXMK+S
95vDXE+eNsNFH4BKVn4UVmDkWVKW+7dtXscw6hneE8RalZ3KIhg0LxCnVwm0+iZZ
/FB7wA+848a8qLjvs1if
=Y66v
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message