tomcat-dev mailing list archives

From "Chaitresh" <>
Subject <login-config> <auth-method> CLIENT-CERT - How do I make it work????
Date Fri, 28 Dec 2001 23:41:08 GMT
Hi all,

Here's what I'm using:

OS: Win 2000
Tomcat version: 4
Client Browser: IE 5+

I am trying to protect a jsp/servlet resource in my website. I want to give access to the
resource if the right certificate is provided by the user. Making an SSL connection with client
authentication is not a problem. This is the part of my server.xml that allows ssl with client

---- snip begin [server.xml] -----

<Connector className="org.apache.catalina.connector.http.HttpConnector" port="8443" minProcessors="5"
maxProcessors="75" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="" clientAuth="true"
---- snip end [server.xml] -----

So whenever I go to my webserver (https://localhost:8443) IE pops up a list of certificates
that I can send back to the server. I select one of the many certificates that my website
has given me and send it back to the server.

_Here's my problem_:

At the server I want to check the Common Name in the certificate sent by the client. I figured
that I will be able to do so by getting the Principal via "request.getUserPrincipal()" and
digging into it. But it returns null. Then I realized that I must make some additions/changes
in the tomcat-users.xml and web.xml. But I am not really clear as to what these additions/changes
are and I have not found any good resource on the web explaining the same. Here's how parts
of my xml files look:

---- snip begin [web.xml] -----

 <web-resource-name>Entire Application</web-resource-name>

<!-- Define the Login Configuration for this Application -->
 <realm-name>Tomcat Manager Application</realm-name>

---- snip end [web.xml] -----


---- snip begin [tomcat-users.xml] -----

  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1"  password="tomcat" roles="role1"  />
  <user name="both"   password="tomcat" roles="tomcat,role1" />

  <!-- Common name in the client's certificate is 3763 -->
  <user name="3763"   password="tomcat" roles="tomcat"  />


---- snip end [tomcat-users.xml] -----

The Common Name in the certificate is 3763 (the certificate I want to grant access to). However
I have no idea where the password comes into the picture.

I am sure things are incorrect or missing, I'd really appreciate it if anyone can help me.
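
Added example, not part of the original message and not Tomcat's own code: one way to check the Common Name at the server is to read the client chain from the `javax.servlet.request.X509Certificate` request attribute and parse the subject DN structurally, rather than searching the string for `CN=`. The class and method names are hypothetical, the subject names in `main` are constructed, and `LdapName` needs a newer Java runtime than the one current when this message was posted.

```java
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper class; names are illustrative, not Tomcat's.
public class ClientCertCn {
    // Request attribute under which a servlet container exposes the client chain.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    /** attr is request.getAttribute(CERT_ATTR); it is null when no certificate was sent. */
    static String commonNameOf(Object attr) throws InvalidNameException {
        if (!(attr instanceof X509Certificate[])) return null;
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0) return null;
        // chain[0] is the client's own certificate; the rest are its issuers.
        return commonName(chain[0].getSubjectX500Principal());
    }

    /** Parses the subject DN structurally instead of searching the string for "CN=". */
    static String commonName(X500Principal subject) throws InvalidNameException {
        LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
        String cn = null;
        for (Rdn rdn : dn.getRdns()) {
            if (rdn.size() > 1) return null;              // multi-valued RDN: not handled, reject
            if (!"CN".equalsIgnoreCase(rdn.getType())) continue;
            if (cn != null || !(rdn.getValue() instanceof String)) return null; // ambiguous
            cn = (String) rdn.getValue();
        }
        return cn;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed subject names, not taken from any real certificate.
        String[] samples = {
            "CN=3763, OU=Members, O=Example, C=US",
            "CN=9999, OU=\"x, CN=3763\", O=Example, C=US",  // "CN=3763" inside an OU value
            "OU=Members, O=Example, C=US"                    // no CN at all
        };
        for (String s : samples) {
            String cn = commonName(new X500Principal(s));
            System.out.println(s + " -> " + cn + " allowed=" + "3763".equals(cn));
        }
    }
}
```

In a servlet, pass `request.getAttribute(ClientCertCn.CERT_ATTR)` to `commonNameOf`; the result is only meaningful when the connector has already validated the chain against its trust store, which is what `clientAuth="true"` is for.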

