tomcat-users mailing list archives

From Graham Leggett
Subject Switching basic auth to client-cert with realms - how?
Date Fri, 13 Mar 2015 19:39:00 GMT
Hi all,

I have a basic authentication setup that works great as below.


	<!-- Security roles referenced by this web application -->

It is backed up with a realm like this:

          <Realm className="org.apache.catalina.realm.DataSourceRealm"
                 userTable="person" userNameCol="mail"
                 userRoleTable="company_person" roleNameCol="serial" />

I need to switch basic authentication to client certificates, as provided by Apache httpd
and proxied in with AJP. The username is provided by Apache httpd in REMOTE_USER.

In theory, changing the auth-method to CLIENT-CERT should do the trick, but I just get forbidden.

What doesn’t seem to fit is the realm definition - specifying userCredCol is marked as mandatory,
but this is obviously not present with a client certificate. What do you specify in this field?

Does anyone have a working example of authentication using client certificates and authorization
using a realm backed with a DataSource?

