Hello,
You are receiving this message in follow-up to a report
received by the EarthLink Abuse Department. You may have
submitted this report to a number of addresses including but
not limited to [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
or [EMAIL PROTECTED]
Most reports of network abuse sent to this department fall
into a few recognizable categories (spam, cracking, viruses,
etc.). To increase efficiency, our filters scan incoming
reports and attempt to determine the general type of issue
being reported.
We were not able to process your report because it does not
appear to include the information needed for EarthLink Abuse
to begin it's investigation. Evidence to Abuse should always
include the IP address of the offending party and a valid
timestamp, which includes time, date and timezone.
To learn how to report spam so action is taken:
http://spam.abuse.net/userhelp/howtocomplain.shtml
To learn how to locate and interpret e-mail headers in your
e-mail client:
http://support.earthlink.net/support/TUTORIALS/email/mbx_interpret_headers.jsp
Other useful lookup tools:
http://samspade.org/
Once you have included the pertinent information needed,
please resubmit your report, and include this autoresponse.
Your report will then be reprocessed by our filters.
However, you should expect to receive another auto-response
after your resubmission is re-examined, but due to the large
number of reports we receive, please understand that you may
not receive a personal response.
Our policies can be found at the following page:
http://earthlink.net/about/policies/
Thanks,
The EarthLink Abuse Staff
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115
JDBCRealm does not work with HTTPS client certificate authentication
Summary: JDBCRealm does not work with HTTPS client certificate
authentication
Product: Tomcat 4
Version: 4.1.24
Platform: All
OS/Version: All
Status: NEW
Severity: Major
Priority: Other
Component: Catalina
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
Description:
In org.apache.catalina.realm.JDBCRealm, the method protected Principal
getPrincipal(String username), implementing an abstract method inherited from
org.apache.catalina.realm.RealmBase is not properly implemented : it simply
returns null. The consequence is that if any client with a valid HTTPS
certificate tries to connect to a webapp with CLIENT-CERT authorization login,
he will not be identified by the system and get a HTTP402 error (something
telling that his credentials are not sufficient...).
A Solution:
In order to make it work, I simply implemented that method as follows:
protected Principal getPrincipal(String username) {
Principal result = authenticate(username, tomcat);
return result;
}
In the DB, for each client you have to put the full DN of the client
certificate into the 'login' column, and 'tomcat' as password.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]