RE: tomcat certificate
Yes, you are right.

Before my server.xml file had the following realm defined:

factory org.apache.catalina.users.MemoryUserDatabaseFactory
pathname conf/tomcat-users.xml

I have replaced it with the memory realm:

And now it accepts the client certificate.

Thank you very much for your help. And I think you are right, the error in the "catalina.out" file is a JMX issue.

Regards,
Idoia

"Mark Thomas" <[EMAIL PROTECTED]>
25/03/04 19:48
Please reply to "Tomcat Users List"
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
cc:
Subject: RE: tomcat certificate

I've looked at the code and it would help if you could post your realm definition.

Thanks,

Mark

> -----Original Message-----
> From: Mark Thomas [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 25, 2004 6:00 PM
> To: 'Tomcat Users List'
> Subject: RE: tomcat certificate
>
> OK. Light dawns. Can you try using the memory realm? My realm definition looks like:
>
> Looking again at the exception it looks like a JMX issue with the
> UserDatabaseRealm MBean and user names containing '='. I'll have a look at the code.
>
> Mark
>
> > -----Original Message-----
> > From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, March 25, 2004 9:01 AM
> > To: Tomcat Users List
> > Subject: RE: tomcat certificate
> >
> > My server.xml file has:
> >
> > maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> > enableLookups="false" disableUploadTimeout="true"
> > acceptCount="100" debug="0" scheme="https" secure="true"
> > clientAuth="true" sslProtocol="TLS"
> > keystoreFile="/home/tomcat/jakarta-tomcat-5.0.19/conf/ssl/server/server.ks" />
> >
> > The tomcat-users.xml file has:
> >
> > roles="certs"/>
> >
> > The web.xml file of the application is:
> >
> > Web Application
> > 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
> >
> > Empty web.xml file for Web Application
> > 35
> > html
> > text/html
> > txt
> > text/plain
> > index.jsp
> > index.html
> > Saturn database
> > jdbc/saturn
> > javax.sql.DataSource
> > SERVLET
> > Protected Area
> > /pim.htm
> > certs
> > CONFIDENTIAL
> > &
RE: tomcat certificate
This works for me. Can you post the equivalent sections of your configuration files so I can compare them to mine?

Thanks,

Mark

> -----Original Message-----
> From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 24, 2004 7:51 AM
> To: Tomcat Users List
> Subject: RE: tomcat certificate
>
> We are using Tomcat 5.0.19 over Linux.
>
> Idoia
>
> "Mark Thomas" <[EMAIL PROTECTED]>
> 23/03/04 20:32
> Please reply to "Tomcat Users List"
> To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> cc:
> Subject: RE: tomcat certificate
>
> Which version of Tomcat are you using?
>
> Mark
>
> > -----Original Message-----
> > From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, March 23, 2004 5:00 PM
> > To: Tomcat Users List
> > Subject: RE: tomcat certificate
> >
> > I have configured the files as you said in the e-mail, but when I start
> > Tomcat I get the following error in "catalina.out" file:
> >
> > Exception creating UserDatabase MBeans for UserDatabase
> > javax.management.MalformedObjectNameException: Invalid character '=' in value part of property
> >
> > And it is because of the following property value in the "tomcat-users.xml" file:
> > username="CN=Mark Thomas, OU=WWW, O=XXX, L=YYY, ST=ZZZ, C=GB"
> > It seems tomcat does not like the '=' character inside a property value.
> > I have also tried writing:
> > username="CN\=Mark Thomas, OU\=WWW, O\=XXX, L\=YYY, ST\=ZZZ, C\=GB"
> > But I still get the same error.
> >
> > Don't you get the same error message? How can I avoid this?
> >
> > Thanks in advance and regards,
> > Idoia
> >
> > "Mark Thomas" <[EMAIL PROTECTED]>
> > 18/03/04 20:46
> > Please reply to "Tomcat Users List"
> > To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> > cc:
> > Subject: RE: tomcat certificate
> >
> > The important files are:
> >
> > server.xml:
> > port="8443" minProcessors="5" maxProcessors="75"
> > enableLookups="true"
> > acceptCount="100" debug="0" scheme="https" secure="true"
> > useURIValidationHack="false"
> > disableUploadTimeout="true">
> > ="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
> > keystoreFile="conf/.keystore"
> > clientAuth="false" protocol="TLS" />
> >
> > ...
> >
> > tomcat-users.xml:
> > password="null" roles="tomcat,certs"/>
> >
> > web.xml:
> > PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
> > "http://java.sun.com/dtd/web-app_2_3.dtd">
> >
> > Bug 12218
> > Test web app for bug 12218.
> > App
> > /protected.jsp
> > tomcat
> > CONF
RE: tomcat certificate
We are using Tomcat 5.0.19 over Linux.

Idoia

"Mark Thomas" <[EMAIL PROTECTED]>
23/03/04 20:32
Please reply to "Tomcat Users List"
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
cc:
Subject: RE: tomcat certificate

Which version of Tomcat are you using?

Mark

> -----Original Message-----
> From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 23, 2004 5:00 PM
> To: Tomcat Users List
> Subject: RE: tomcat certificate
>
> I have configured the files as you said in the e-mail, but when I start
> Tomcat I get the following error in "catalina.out" file:
>
> Exception creating UserDatabase MBeans for UserDatabase
> javax.management.MalformedObjectNameException: Invalid character '=' in value part of property
>
> And it is because of the following property value in the "tomcat-users.xml" file:
> username="CN=Mark Thomas, OU=WWW, O=XXX, L=YYY, ST=ZZZ, C=GB"
> It seems tomcat does not like the '=' character inside a property value.
> I have also tried writing:
> username="CN\=Mark Thomas, OU\=WWW, O\=XXX, L\=YYY, ST\=ZZZ, C\=GB"
> But I still get the same error.
>
> Don't you get the same error message? How can I avoid this?
>
> Thanks in advance and regards,
> Idoia
>
> "Mark Thomas" <[EMAIL PROTECTED]>
> 18/03/04 20:46
> Please reply to "Tomcat Users List"
> To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> cc:
> Subject: RE: tomcat certificate
>
> The important files are:
>
> server.xml:
> port="8443" minProcessors="5" maxProcessors="75"
> enableLookups="true"
> acceptCount="100" debug="0" scheme="https" secure="true"
> useURIValidationHack="false"
> disableUploadTimeout="true">
> ="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
> keystoreFile="conf/.keystore"
> clientAuth="false" protocol="TLS" />
>
> ...
>
> tomcat-users.xml:
> password="null" roles="tomcat,certs"/>
>
> web.xml:
> PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
> "http://java.sun.com/dtd/web-app_2_3.dtd">
>
> Bug 12218
> Test web app for bug 12218.
> App
> /protected.jsp
> tomcat
> CONFIDENTIAL
> CLIENT-CERT
> tomcat
>
> The steps I te
RE: tomcat certificate
I have configured the files as you said in the e-mail, but when I start Tomcat I get the following error in "catalina.out" file:

Exception creating UserDatabase MBeans for UserDatabase
javax.management.MalformedObjectNameException: Invalid character '=' in value part of property

And it is because of the following property value in the "tomcat-users.xml" file:
username="CN=Mark Thomas, OU=WWW, O=XXX, L=YYY, ST=ZZZ, C=GB"
It seems tomcat does not like the '=' character inside a property value.
I have also tried writing:
username="CN\=Mark Thomas, OU\=WWW, O\=XXX, L\=YYY, ST\=ZZZ, C\=GB"
But I still get the same error.

Don't you get the same error message? How can I avoid this?

Thanks in advance and regards,
Idoia

"Mark Thomas" <[EMAIL PROTECTED]>
18/03/04 20:46
Please reply to "Tomcat Users List"
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
cc:
Subject: RE: tomcat certificate

The important files are:

server.xml:
...

tomcat-users.xml:

web.xml:
http://java.sun.com/dtd/web-app_2_3.dtd">
Bug 12218
Test web app for bug 12218.
App
/protected.jsp
tomcat
CONFIDENTIAL
CLIENT-CERT
tomcat

The steps I tend to follow when setting this sort of thing up are:
1. Build simple two page web app.
2. Configure one page to require basic authentication
3. Test basic auth - checks tomcat-users.xml and realm set up correctly
4. Configure SSL
5. Test http://localhost:8443/ - checks SSL set up
6. Test app with SSL - not really necessary but best to double check
7. Reconfigure app to use CLIENT-CERT

> -----Original Message-----
> From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 18, 2004 8:01 AM
> To: Tomcat Users List
> Subject: RE: tomcat certificate
>
> Could you send us a sample of that "web.xml" file?
> I am also using client certificates over SSL with Tomcat, but as I could
> not find much information about it in Tomcat I configured it with Apache.
>
> Idoia
>
> "Mark Thomas" <[EMAIL PROTECTED]>
> 17/03/04 21:22
> Please reply to "Tomcat Users List"
> To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> cc:
> Subject: RE: tomcat certificate
>
> This is not correct. Tomcat does support CLIENT-CERT authentication
> 'out-of-the-box'. When combined with appropriate authorisation constraints
> in web.xml you can limit access to specific URLs.
>
> I have this working quite happily.
>
> Mark
>
> > -----Original Message-----
> > From: Rommel Sharma [mailto:[EMAIL PROTECTED]
> > Sent: Monday, February 23, 2004 11:28 AM
> > To: Tomcat Users List
> > Subject: Re: tomcat certi
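The MalformedObjectNameException reported in the message above comes from JMX `ObjectName` syntax, which treats `=` and `,` as separators in an unquoted property value and does not honour backslash escapes there. The following is an added example, not code from the thread or from Tomcat; the `Users:type=User,username=` prefix is a hypothetical MBean name chosen for illustration.

```java
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;

public class DnObjectNameDemo {
    // Hypothetical domain and key names; not Tomcat's real MBean naming.
    static final String PREFIX = "Users:type=User,username=";

    /** Returns "accepted" if the name parses, otherwise the parser's message. */
    static String tryName(String name) {
        try {
            new ObjectName(name);
            return "accepted";
        } catch (MalformedObjectNameException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Subject DN exactly as quoted in the thread's tomcat-users.xml entry.
        String dn = "CN=Mark Thomas, OU=WWW, O=XXX, L=YYY, ST=ZZZ, C=GB";
        // The backslash-escaped variant that was also tried in the thread.
        String escaped = dn.replace("=", "\\=");

        // An unquoted value may not contain ',', '=', ':' or '"', and a
        // backslash is not an escape character outside a quoted value.
        System.out.println("raw DN:     " + tryName(PREFIX + dn));
        System.out.println("backslash:  " + tryName(PREFIX + escaped));

        // ObjectName.quote() wraps the value in double quotes and escapes
        // the characters that are special inside a quoted value.
        String quoted = ObjectName.quote(dn);
        System.out.println("quoted:     " + tryName(PREFIX + quoted));

        // Round trip: the username compared against the certificate subject
        // must come back unchanged, or CLIENT-CERT lookups would miss.
        ObjectName on = new ObjectName(PREFIX + quoted);
        String back = ObjectName.unquote(on.getKeyProperty("username"));
        System.out.println("round trip: " + dn.equals(back));
    }
}
```

The failure is in MBean registration for the user database, which is why switching to the memory realm, as reported at the top of this thread, let the client certificate be accepted.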
RE: tomcat certificate
Idoia Murua Belacortu
Dpto. de Sistemas de Información y Telecomunicaciones
Information Systems & Telecommunications Dept.
ROBOTIKER, Corporación Tecnológica TECNALIA.
Parque Tecnológico, Edificio 202. E-48170 Zamudio (Bizkaia) (SPAIN).
Tel: (34) 94 600 22 66. Fax: (34) 94 600 22 99
[EMAIL PROTECTED], www.robotiker.com
JK2 equivalent of JK's JkEnvVar
Hi,

I am using Tomcat 5.0.19, Apache Web server 2.0.48 and the JK connector. I wanted to pass some SSL environment variables from Apache to Tomcat, as for example SSL_CLIENT_S_DN_CN or SSL_SERVER_S_DN_CN.

In the original JK there was a JkEnvVar config option that exported an environment variable to Tomcat, but it does not work now in JK2. Does anybody know how this functionality has been carried out to JK2?

Thanks in advance.

Idoia

Idoia Murua Belacortu