tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dmccrthy <dmccr...@gmail.com>
Subject Tomcat 7.0.56 - How to configure Tomcat/JRE 7u72 for client HTTPS Mutual Authentication connections
Date Thu, 08 Jan 2015 13:51:24 GMT
Hi,

Is it possible to configure or hack Tomcat in some way to intercept
outbound HTTP URL requests from a deployed web application and convert them
to HTTPS with Mutual Authentication?

My scenario is:

* 3rd party web application that makes client invocations to a server that
requires HTTPS with Mutual Authentication
* I don’t know what framework the web application uses or how it creates
the HTTP client connections
* I can’t make changes to the 3rd party application

I have investigated the below but they don’t seem to offer a solution

* Adding Custom Resource Factories -
http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-
<http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html>
howto.html
<http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html>.  This
requires changes to the client application
* HTTP connector - http://tomcat.apache.org/tomcat-7.0-doc/config/http.html.
This is for the Tomcat web server, not for outbound client connections

I have successfully configured the server and can make SoapUI calls to it
using HTTPS and Mutual Authentication. If I had control of the client code
I would use HttpClient and accomplish it that way.

For the Tomcat client application I have searched Google, Stackoverflow,
and the Tomcat wiki and mail archives but all HTTPS/Mutual Authentication
solutions I can find refer to Tomcat as the web server, not to web
applications making outbound connections from a Tomcat instance.

If there is no option to configure Tomcat then the only options I can think
of are below, but if anyone has any other insights it would be much
appreciated.

1) Write a between the Tomcat “client” instance and the HTTPS/MA endpoint
2)  Find out the framework/socket factory/url connection factory the
3rdparty web app uses and override it with a Tomcat plugin
3)  Raise a feature request with the 3rd party vendor to support HTTPS/MA

Many thanks,
Diarmuid McCarthy

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message